November 14, 2022
Severity
High
Analysis Summary
APT-C-23 (aka AridViper) is an Arabic-speaking Advanced Persistent Threat group working for Hamas. The group has historically targeted Middle-Eastern countries but has recently been observed targeting Israeli officials and individuals. Its espionage campaigns aim to steal credentials and sensitive information from the victim's PC and mobile devices. Its most frequent targets are Israeli individuals working for the military, emergency services, and law enforcement agencies. The group's primary infection method is social engineering: it delivers trojanized messages via Facebook or other social media applications. The group has been using upgraded malware called "Barb(ie) Downloader" and "BarbWire Backdoor" and an Android implant named VolatileVenom.
The latest observed campaign uses a file disguised as a Word document, named 'The national role of the revolutionary and national councils in confronting the plans for liquidation and Judaization'.
Impact
- Information Theft and Espionage
Indicators of Compromise
Domain Name
- swsan-lina-soso[.]info
MD5
- 776811c25d105bfd9e1c358f93a4c669
SHA-256
- 36037040711231986f7509a2aa2af74b33022defac4669fb0eb14beba7caff39
SHA-1
- aeeeee47becaa646789c5ee6df2a6e18f1d25228
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for the above IoCs in your environment.
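The two remediation steps that translate directly into code are hunting for the file hashes and matching the domain in DNS or proxy logs. The following Python script is an added illustration and is not part of the Rewterz advisory: it refangs the defanged domain, hashes files with MD5, SHA-1 and SHA-256 in a single pass, compares the digests against the advisory's IoCs, and matches the domain (including subdomains and a trailing FQDN dot, but not look-alike or longer parent domains) against log lines. The DNS log lines and the function names are constructed for this example.

```python
import hashlib
import re
from pathlib import Path

# Indicators taken verbatim from the advisory above.
IOC_DOMAIN_DEFANGED = "swsan-lina-soso[.]info"
IOC_HASHES = {
    "md5": "776811c25d105bfd9e1c358f93a4c669",
    "sha1": "aeeeee47becaa646789c5ee6df2a6e18f1d25228",
    "sha256": "36037040711231986f7509a2aa2af74b33022defac4669fb0eb14beba7caff39",
}
ALGORITHMS = ("md5", "sha1", "sha256")


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]', 'hxxp') back into its real form for matching."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with all three algorithms (used by tests and small files)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path) -> dict:
    """Digest a file with all three algorithms in one streaming pass, so large files are read once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: dict, ioc_hashes: dict = IOC_HASHES) -> list:
    """Return the algorithms whose digest equals an IoC hash; comparison is case-insensitive."""
    return sorted(
        alg for alg, ioc in ioc_hashes.items()
        if alg in digests and digests[alg].lower() == ioc.lower()
    )


def scan_directory(root, ioc_hashes: dict = IOC_HASHES) -> list:
    """Walk a directory tree and return (path, matched_algorithms) for every IoC hit."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            matched = match_hashes(hash_file(path), ioc_hashes)
            if matched:
                hits.append((str(path), matched))
    return hits


def domain_pattern(defanged_domain: str) -> re.Pattern:
    """Build a regex that matches the IoC domain and its subdomains as whole labels.

    The lookbehind rejects 'notswsan-lina-soso.info'; the lookahead rejects
    'swsan-lina-soso.info.example.org' while still allowing a trailing FQDN dot.
    """
    domain = re.escape(refang(defanged_domain))
    return re.compile(
        r"(?<![A-Za-z0-9-])(?:[A-Za-z0-9-]+\.)*" + domain + r"(?!\.?[A-Za-z0-9-])",
        re.IGNORECASE,
    )


def scan_log_lines(lines, defanged_domain: str = IOC_DOMAIN_DEFANGED) -> list:
    """Return (line_number, line) for each log line that resolves or contacts the IoC domain."""
    pattern = domain_pattern(defanged_domain)
    return [(n, line) for n, line in enumerate(lines, 1) if pattern.search(line)]


# Constructed sample DNS resolver log, not taken from the advisory.
SAMPLE_DNS_LOG = [
    "2022-11-14T09:01:02Z client=10.0.0.12 query=A name=www.example.com",
    "2022-11-14T09:01:05Z client=10.0.0.12 query=A name=swsan-lina-soso.info",
    "2022-11-14T09:02:17Z client=10.0.0.31 query=A name=cdn.swsan-lina-soso.info.",
    "2022-11-14T09:03:44Z client=10.0.0.31 query=A name=swsan-lina-soso.info.example.org",
    "2022-11-14T09:04:09Z client=10.0.0.45 query=A name=notswsan-lina-soso.info",
]


if __name__ == "__main__":
    for n, line in scan_log_lines(SAMPLE_DNS_LOG):
        print(f"domain hit on line {n}: {line}")
    for path, algs in scan_directory("."):
        print(f"hash hit: {path} matched {', '.join(algs)}")
```

Feed `scan_log_lines` your resolver or proxy export and `scan_directory` the download and mail-attachment folders of the hosts you suspect; a hit on any one algorithm is enough, since the three hashes identify the same sample.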