
Israeli officials are being catfished by AridViper hackers


High-ranking Israeli officials are being catfished in a new cyberespionage campaign launched by AridViper. 

AridViper, also known as APT-C-23, Desert Falcon, and Two-tailed Scorpion, is a politically-driven advanced persistent threat (APT) group active in the Middle East.

In the past, AridViper has conducted spear-phishing attacks against Palestinian law enforcement, military, and educational establishments, as well as the Israel Security Agency (ISA). In February, Cisco Talos researchers uncovered AridViper attacks against activists associated with the Israel-Palestine conflict. 

On Thursday, Cybereason’s Nocturnus Research Team published new findings on the APT’s latest activities. 

Dubbed “Operation Bearded Barbie,” the latest campaign targets “carefully chosen” Israeli individuals to compromise their PCs and mobile devices, spy on their activities, and steal sensitive data. 

The researchers say the AridViper group, alongside MoleRATs, are subset APTs of the Hamas cyberwarfare division and are working to benefit the Palestinian political group. 

The operation’s victims include individuals working in Israel’s defense, law enforcement, and emergency service sectors. 

According to Cybereason, the first step in AridViper attacks relies on social engineering: after conducting reconnaissance on a victim, the group creates fake Facebook social media accounts, makes contact, and tries to entice the target to download Trojanized message apps. 

In some cases, the catfish profiles are created to appear to be young women.

Chats move from Facebook to WhatsApp, and from there, the catfish suggests a more ‘discreet’ messaging service. Another attack vector is the lure of a sexual video packaged up in a malicious .RAR archive.

The APT has also upgraded its cyber weaponry. In particular, two new tools — Barb(ie) Downloader and BarbWire Backdoor — and a new implant variant, VolatileVenom, are worth exploring. 

Barb(ie) Downloader is delivered through the lure video and is used to install the BarbWire backdoor. The malware will perform several anti-analysis checks, including a scan for virtual machines (VMs) or the presence of sandboxes, before going ahead with the backdoor installation. Barb(ie) will also collect basic OS information and send it to the attacker’s command-and-control (C2) server. 

The BarbWire Backdoor is described as a “very capable” malware strain with high levels of obfuscation achieved through string encryption, API hashing, and process protection. 

BarbWire performs various surveillance functions, including keylogging, screen capture, and audio eavesdropping & recording. In addition, the malware variant can maintain persistence on an infected device, schedule tasks, encrypt content, download additional malware payloads, and exfiltrate data. 

The backdoor will specifically look for Microsoft Office documents, .PDF files, archives, images, and videos on the compromised machine and any connected external drives. 

Cybereason also spotted new VolatileVenom variants. VolatileVenom is Android malware served during the installation of the ‘discreet’ messaging app and has been designed to perform surveillance and theft.

VolatileVenom can compromise an Android device’s microphone and audio functions; record calls and texts made over WhatsApp; read notifications from WhatsApp, Facebook, Telegram, Instagram, Skype, IMO, and Viber; read contact lists; and steal information including SMS messages, files, and app credentials.

In addition, the malware can extract call logs, use the camera to take photos, tamper with WiFi connections, and download files to the device.

“The “tight grip” on their targets attests to how important and sensitive this campaign was for the threat actors,” Cybereason commented. “This campaign shows a considerable step-up in APT-C-23/AridViper capabilities, with upgraded stealth, more sophisticated malware, and perfection of their social engineering techniques which involve offensive HUMINT capabilities using a very active and well-groomed network of fake Facebook accounts that have been proven quite effective for the group.”
