APT C-23 is a threat group that researchers have attributed to Hamas, a Palestinian militant group.
APT C-23 has been active since at least 2015 and has targeted organizations and individuals in the Middle East, especially in Israel and Palestine.
APT C-23 has also been linked to other threat groups, such as APT-C-27 and APT-C-37.
Attack types
APT C-23 is known to use various techniques, such as spearphishing, catfishing, credential harvesting, web shells, remote access trojans, and data exfiltration.
APT C-23 has also exploited vulnerabilities in widely used software such as Microsoft Office, Adobe Flash, and Android OS.
Some of the malware families that APT C-23 has used are MicroPS, Vamp, FrozenCell, GnatSpy, Desert Scorpion, and SpyC23.
These malware families are designed to steal information, monitor activity, or gain persistence on the compromised systems.
Aliases
Some of the aliases that different security researchers have given APT C-23 are Two-tailed Scorpion, AridViper, Desert Falcon, and Lyceum.
The name “Two-tailed Scorpion” originates from the use of scorpion-related terms in some of the group's malware.