Desert Falcons is a group of cybermercenaries operating from the Middle East and using a set of methods to hide and operate malware. The cybercriminals appear to be highly skilled: in addition to proficient social engineering tricks, they have developed the following from scratch:
Computer systems malware targeting Windows devices
Mobile malware targeting Android devices
Infection vectors, including phishing emails, fake websites and fake social networking accounts
Who are the victims of Desert Falcons?
Potential victims were enticed with socio-political news and information, and many succumbed rapidly to malware infection.
The victims targeted include:
Military and Government
Newspaper, TV/Radio Channels and Top Media Outlets
Financial and Trading Institutions
Research and Education Institutions
Activists and Political Leaders
Energy Firms
Physical Security Companies
Victims of the Desert Falcons are located mainly in the following countries:
Egypt
Palestine
Israel
Jordan
How do I know if I'm infected or not?
The list of indicators of compromise is available on Securelist.com.
How can I protect myself against the Desert Falcons campaign?
Kaspersky Lab products detect and block all variants of the malware used in this campaign:
Trojan.Win32.DesertFalcons
Trojan-Spy.Win32.Agent.cncc
Trojan-Spy.Win32.Agent.ctcr
Trojan-Spy.Win32.Agent.ctcv
Trojan-Spy.Win32.Agent.ctcx
Trojan-Spy.Win32.Agent.cree
Trojan-Spy.Win32.Agent.ctbz
Trojan-Spy.Win32.Agent.comn
Trojan.Win32.Bazon.a
The Desert Falcons
Kaspersky