Dark Caracal

Threat Actor updated 4 months ago (2024-05-04T23:18:25.724Z)
Dark Caracal is a threat actor known for malicious activity primarily targeting Latin America. The group has been active for several years, with significant campaigns reported by Check Point Research and ESET in 2020. Its operations have evolved over time, and evidence suggests that the infrastructure used in its campaigns is continuously updated and improved. A joint report from Lookout and the Electronic Frontier Foundation (EFF) linked the group to the Lebanese General Security Directorate, highlighting potential nation-state affiliations.

The group's campaigns have featured a range of malware, including Bandook, which had almost disappeared from the threat landscape before reappearing in Dark Caracal's 2015 and 2017 campaigns, dubbed "Operation Manul" and "Dark Caracal," respectively. More recently, according to an EFF report, researchers have analyzed a new Dark Caracal campaign. The operators behind these campaigns are believed to be still active, providing offensive cyber operations services to any party willing to pay.

Dark Caracal is one of several Advanced Persistent Threat (APT) groups, like Volatile Cedar and Tempting Cedar, operating out of countries with relatively quiet APT activity, but it should not be underestimated. The group's modus operandi, as detailed in Insikt Group's Dark Caracal Intelligence Card™, points to a sophisticated and persistent adversary. The available evidence underscores the need for continued vigilance and proactive defense against such threat actors.
Description last updated: 2024-05-04T23:10:04.404Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Source Document References
Information about the Dark Caracal Threat Actor was read from the documents corpus below.
| Source | CreatedAt | Title |
| --- | --- | --- |
| Recorded Future | 7 months ago | What is the Diamond Model of Intrusion Analysis? |
| DARKReading | 9 months ago | Iran Threatens Israel's Critical Infrastructure With 'Polonium' Proxy |
| MITRE | 2 years ago | Bandook: Signed & Delivered - Check Point Research |
| CERT-EU | 2 years ago | Links 11/02/2023: Zstandard 1.5.4 Released and Red Hat Promotes Microsoft |
| CERT-EU | 2 years ago | 13th February – Threat Intelligence Report - Check Point Research |