Introduction
APT-C-23 is a threat group that has been active since at least 2014 [2]. APT-C-23 has primarily focused its operations on the Middle East, including Israeli military assets. APT-C-23 has developed mobile spyware targeting Android and iOS devices since 2017 [3].
Activities and Tactics
Targeted Sectors: Government, Defense, Energy, Finance, Education, High-Tech, Telecoms, Transportation, Media, NGOs, Civil Society, Legal, Military
Country of Origin: Palestine
Incident Type: Espionage
Suspected Victims: United States, Israel, Palestine, Middle East, Europe
Notable Campaigns
- Bearded Barbie
- Operation Bearded Barbie
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- KASPERAGENT and MICROPSIA:
- Desert Scorpion:
Attribution and Evidence
Country of Origin: Palestine
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK entry
[2] symantec_mantis
[3] welivesecurity_apt-c-23