Security is Everyone's Job

APT C-23

APT C-23 is a threat group that researchers have attributed to Hamas, a Palestinian militant group.

APT C-23 has been active since at least 2015 and has targeted organizations and individuals in the Middle East, especially in Israel and Palestine.

APT C-23 has also been linked to other threat groups, such as APT-C-27 and APT-C-37.

Attack types

APT C-23 is known to use various techniques, such as spearphishing, catfishing, credential harvesting, web shells, remote access trojans, and data exfiltration.

APT C-23 has also exploited vulnerabilities in widely used software such as Microsoft Office, Adobe Flash, and Android OS.

Some of the malware families that APT C-23 has used are MicroPS, Vamp, FrozenCell, GnatSpy, Desert Scorpion, and SpyC23.

These malware families are designed to steal information, monitor activity, or gain persistence on compromised systems.


Some of the aliases that different security researchers have given APT C-23 are Two-tailed Scorpion, AridViper, Desert Falcon, and Lyceum.

The name “Two-tailed Scorpion” originates from the use of scorpion-related terms in some of their malware.