Kaspersky discovers Hunting Desert Falcons

Desert Falcons_CPGlobal Research and Analysis Team from Kaspersky Lab discovered that Desert Falcons – a cyber espionage group targeting multiple high profile organisations and individuals from Middle East countries. Kaspersky Lab experts consider this actor to be the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations.

The campaign has been active for at least two years. The Desert Falcons started developing and building their operation in 2011, with their main campaign and real infection beginning in 2013. The peak of their activity was registered at the beginning of 2015;

In total Kaspersky Lab experts were able to find signs of more than 3000 victims in 50+ countries, with more than one million files stolen. Although the main focus of Desert Falcons’ activity appears to be in countries such as Egypt, Palestine, Israel and Jordan, multiple victims were also found in Qatar, KSA, UAE, Algeria, Lebanon, Norway, Turkey, Sweden, France, the United States, Russia and other countries.

The attackers utilise proprietary malicious tools for attacks on Windows PCs and Android-based devices; Kaspersky Lab experts have multiple reasons to believe that the attackers behind the Desert Falcons are native Arabic speakers.

Desert Falcons_CP_1The list of targeted victims include Military and Government organisations – particularly employees responsible for countering money laundering as well as health and the economy; leading media outlets; research and education institutions; energy and utilities providers; activists and political leaders; physical security companies; and other targets in possession of important geopolitical information.

Kaspersky Lab researchers estimate that at least 30 people, in three teams, spread across different countries, are operating the Desert Falcons malware campaigns.

“We expect this operation to carry on developing more Trojans and using more advanced techniques. With enough funding, they might be able to acquire or develop exploits that would increase the efficiency of their attacks,” said Dmitry Bestuzhev, security expert at Kaspersky Lab’s Global Research and Analysis Team.