The group is Attacking Thousands of Victims Globally
Kaspersky Lab’s Global Research and Analysis Team has discovered Desert Falcons – a cyber-espionage group targeting multiple high profile organizations and individuals from Middle East countries. Kaspersky Lab experts consider this actor to be the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations.
The campaign has been active for at least two years. The Desert Falcons started developing and building their operation in 2011, with their main campaign and real infection beginning in 2013. The peak of their activity was registered at the beginning of 2015;
The vast majority of targets are based in Egypt, Palestine, Israel and Jordan;
Apart from the Middle East countries focused on as initial targets, the Desert Falcons are also hunting out of the territory. In total, they have been able to attack more than 3,000 victims in 50+ countries globally, with over one million files stolen.
The attackers utilize proprietary malicious tools for attacks on Windows PCs and Android-based devices;
Kaspersky Lab experts have multiple reasons to believe that the attackers behind the Desert Falcons are native Arabic speakers.
The list of targeted victims include Military and Government organizations – particularly employees responsible for countering money laundering as well as health and the economy; leading media outlets; research and education institutions; energy and utilities providers; activists and political leaders; physical security companies; and other targets in possession of important geopolitical information. In total Kaspersky Lab experts were able to find signs of more than 3000 victims in 50+ countries, with more than one million files stolen. Although the main focus of Desert Falcons’ activity appears to be in countries such as Egypt, Palestine, Israel and Jordan, multiple victims were also found in Qatar, KSA, UAE, Algeria, Lebanon, Norway, Turkey, Sweden, France, the United States, Russia and other countries.