Desert Falcons hackers infect thousands of Windows and Android devices

A cyber mercenary group, codenamed Desert Falcons, has infected thousands of government departments and businesses with malware, according to Kaspersky Lab.

The security firm revealed the campaign at its Security Analyst Summit, revealing that it has already detected 3,000 confirmed Desert Falcons infections on Android and Windows devices.

Victims include military and government bodies, media outlets, financial firms, research institutions, political activists, energy companies and physical security providers in Egypt, Palestine, Israel and Jordan.

"The Desert Falcons cyber criminals are native Arabic speakers, and it is believed to be the first known Arab group to develop and run a full cyber espionage operation," read the report.

"Desert Falcons began its operations in 2011, with the first infections taking place in 2013. The group became very active in late 2014/early 2015."

The group is believed to have around 30 members split into three teams, and focuses mainly on stealing political and military intelligence.

Kaspersky estimated that the hackers managed to steal more than one million files and documents containing sensitive information before being discovered.

Dmitry Bestuzhev, security expert at Kaspersky Lab's GReAT team, said the Desert Falcons target victims with tailored campaigns which include a prolonged period of surveillance.

"The individuals behind this threat are highly determined, active and with good technical, political and cultural insight," he explained.

"Using only phishing emails, social engineering and homemade tools and backdoors, Desert Falcons was able to infect hundreds of sensitive and important victims."

The campaign used a variety of malware types, and is one of the first to attempt to spread malware using Facebook chat.

"The attackers created authentic Facebook accounts and then interacted with chosen victims through common Facebook pages until they had gained their trust. Then they sent Trojan files in the chat hidden as an image or similar," read the paper.

"The Desert Falcons depends on two different backdoors to spy on victims. Both are homemade and are under continuous development. We were able to identify and collect more than 100 malware samples used by the Desert Falcons."

The selection of tools gives the hackers a variety of powers, including key-logging and the ability to upload and download files to command and control servers owned by the group.

Other powers include the ability to view information on all the .doc and .xls files on the victim's hard disk or connected USB devices, steal passwords and record audio files using infected machines.

Kaspersky has managed to identify some Desert Falcons members, but expects the group to continue operating.

"We were able to track and identify the full profile of some of the attackers, including Facebook and Twitter accounts, private blogs and websites," read the paper.

"[but] we expect their operations to carry on developing more trojans and using more advanced techniques."

Desert Falcons was one of many high-profile threat campaigns revealed during Kaspersky's security conference.

Kaspersky researchers reported on Tuesday that they had uncovered a widespread Equation attack infecting hard drive operating systems with malware.

The team also reported a Carbanak campaign which is believed to have stolen over $1bn from financial institutions.
