APT-C-23
Aliases: Mantis, Arid Viper, Desert Falcon, TAG-63, Grey Karkadann, Big Bang APT, Two-tailed Scorpion
APT-C-23 is a threat group that has been active since at least 2014. APT-C-23 has primarily focused its operations on the Middle East, including Israeli military assets. APT-C-23 has developed mobile spyware targeting Android and iOS devices since 2017.
Correlated CTI and IR reports
Arid Viper poisons Android apps with AridSpy (ESET Research · direct source mapping)
Technical threat report: Arid Viper (Meta · actor reference)
Israelis download malicious RedAlert app (Cybernews / Acronis coverage · actor reference)
The Israel-Hamas War: Cyber Domain State-Sponsored Activity of Interest (SentinelOne · actor reference)
APT39 (Chafer / Remix Kitten) (Israel Threat Actors CTI · explicit report mention)
Actor Deep Research Prompts (Israel Threat Actors CTI · explicit report mention)
Cyber Threat Intelligence Dossier: Iranian and Hamas-Aligned Operations Targeting Israeli and Allied Ecosystems (2023-2026) (Israel Threat Actors CTI · explicit report mention)
Defensive CTI Research on Threats to Israeli Government and Public-Sector Environments (Israel Threat Actors CTI · explicit report mention)
Defensive Cyber Threat Intelligence Report: Israeli Critical Infrastructure and Geopolitical Escalation (2024-2026) (Israel Threat Actors CTI · explicit report mention)
Israel Government Threat Actors CTI: Evidentiary Foundation Intake (Israel Threat Actors CTI · explicit report mention)
Release Notes (Israel Threat Actors CTI · explicit report mention)
Report Index (Israel Threat Actors CTI · explicit report mention)
Research Intake Upgrade Summary (Israel Threat Actors CTI · explicit report mention)
APT-C-23 / Arid Viper G1028 (MITRE ATT&CK · actor context)