APT-C-23
G10281 reportsaliases · APT-C-23 · Mantis · Arid Viper · Desert Falcon · TAG-63 · Grey Karkadann · Big Bang APT · Two-tailed Scorpion
1
Reports
2
Techniques
1
Tactics
1
Countries
100%
Hunt coverage
8
Aliases
Analyst assessment — key judgments
- Signature techniques: T1593.001 (Social Media), T1589.001 (Credentials).
- Primary targeting: RU.
- Activity declining: 0 report(s) in last 30d vs 1 prior (-100%).
- Hunt coverage 100% of 2 observed techniques (0 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
DecliningLast 30d: 0 vs 1 prior (-100%)· first reported 2026-06-10 · last 2026-06-10
0
7d
0
30d
1
90d
1
All
0.1
Rpts/wk
Reporting timeline · 12 months
Movement — last 30 days
Targeting lost
RUOverview
Analyst triage
Intelligence summary
APT-C-23 is a threat group that has been active since at least 2014.(Citation: symantec_mantis) APT-C-23 has primarily focused its operations on the Middle East, including Israeli military assets. APT-C-23 has developed mobile spyware targeting Android and iOS devices since 2017.(Citation: welivesecurity_apt-c-23)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1593.001 · Social Mediaconf 601
- T1589.001 · Credentialsconf 601
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|