A group using self-developed targeted attack tools has hit 3,000 targets in the Middle East and carried out espionage actions across the region.
Named the Desert Falcons, according to the report by Kaspersky Lab the 30-strong Palestine, Egypt and Turkey-based group carries out its actions with its own “homemade malware tools and techniques to execute and conceal its campaigns on PC and Mobile OS”.
The group was first seen in 2011, with first infections made in 2013. By the end of 2014 and beginning of 2015, the group was very active. Most victims were in Palestine, Egypt, Israel and Jordan, but others have been discovered in Saudi Arabia, the UAE, the US, South Korea, Morocco, Qatar and others, and include Government, critical infrastructure, oil and gas, defence and media targets.
Infection is mainly carried out by a variety of technical and social engineering methods, including a fake website that promises to publish censored political information and asks users to download a malicious plugin to view a video, or the common use of spear phishing emails or social network messages to deliver malicious files using an extension override.
“The operation is very active and is currently in peak condition,” Kaspersky Lab said. “ We are continuously identifying new samples and victims for all related campaigns.
“Desert Falcons are the first known Cyber espionage attacks to be fully developed and operated by Arabic speakers to target the Middle East. It has affected a stunning range of victims, stealing more than one million special files.”
The company called it “an alert for the poor cyber security situation in the region” as the Desert Falcons’ threat actors are determined, active and have good technical knowledge.
“We expect their operations to carry on developing more Trojans and using more advanced techniques,” said Dmitry Bestuzhev, security expert at Kaspersky Lab’s Global Research and Analysis Team.
“With enough funding, they might be able to acquire or develop exploits that would increase the efficiency of their attacks. Desert Falcons is just one example of the rise of cyber crime in a geopolitically troubled region that will motivate other threat actors or states to leverage cyber attacks for political or criminal goals.”