Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware

Cisco Talos has identified a new wave of what is believed to be an ongoing campaign that has used Delphi-based malware since 2017. Talos believes with high confidence that this is the work of the Arid Viper threat actor, a group believed to be based out of Gaza that is known to target organizations all over the world. The actor uses the Micropsia implant in the most recent wave, which started around October 2021.

This actor uses their Delphi-based Micropsia implant to target Palestinian individuals and organizations, using politically themed file names and decoy documents. The most recent wave uses content originally published on the Turkish state-run news agency Anadolu and on the Palestinian MA’AN development center to target activists and Palestinian institutions. The tactics, techniques and procedures (TTPs) used in the most recent samples found by Talos lead us to believe this is a campaign linked to the previous campaign we reported on in 2017. Meta exposed this actor in an April 2021 report that focused mainly on mobile targeting operations. However, that did not stop the group, as they’ve continued to target Windows-based systems. Although this group hasn’t technologically evolved, it has the motivation and means to operate longstanding campaigns against the same targets.

Source: Talos