Introduction
AridViper is a state-sponsored APT primarily targeting military personnel, journalists, and dissidents in the Middle East, with a focus on Israel and Palestine. The group employs custom-developed mobile malware, including variants like AridSpy, GnatSpy, and Micropsia, often delivered through spear-phishing emails and deceptive applications. Their operations involve sophisticated social engineering tactics, including the use of fake social media profiles and weaponized apps masquerading as legitimate services. AridViperβs activities are characterized by a blend of technical sophistication and psychological manipulation, aiming to exfiltrate sensitive data from compromised systems.
Activities and Tactics
Targeted Sectors: Government, Defense, Energy, Finance, Education, High-Tech, Telecoms, Transportation, Media, NGOs, Civil Society, Legal, Military
Country of Origin: π³οΈ Palestine
Incident Type: Espionage
Suspected Victims: United States, Israel, Palestine, Middle East, Europe
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- MobileOrder
Attribution and Evidence
Country of Origin: Palestine Additional attribution information pending cataloguing.
References
References pending cataloguing.