Dark Caracal

Threat Actor Profile Updated 3 months ago
Dark Caracal is a threat actor whose recent campaigns have concentrated on targets in Latin America. The group has been active for several years; its campaigns have been documented by Check Point Research and ESET from 2020 onward, and the infrastructure behind them shows signs of continuous updating and improvement. A joint report from Lookout and the Electronic Frontier Foundation (EFF) linked the group to the Lebanese General Security Directorate, pointing to a likely nation-state affiliation.

The group's tooling includes Bandook, a remote access trojan that had almost disappeared from the threat landscape before reappearing in the 2015 and 2017 campaigns dubbed "Operation Manul" and "Dark Caracal", respectively. The EFF has since reported analysis of a further campaign by the group. The operators behind these campaigns are believed to remain active, offering offensive cyber operations to any party willing to pay.

Dark Caracal is one of several APT groups, alongside Volatile Cedar and Tempting Cedar, that operate from countries with otherwise relatively quiet APT activity, but it should not be underestimated. The tradecraft documented in Insikt Group's Dark Caracal Intelligence Card™ points to a sophisticated and persistent adversary, and the available evidence supports continued vigilance and proactive defensive measures against it.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Tags: APT, Malware
Associated Malware
ID: Bandook
Type: Unspecified
Votes: 1
Profile Description: Bandook is a long-standing piece of malicious software, classified as a Remote Access Trojan (RAT). As the name suggests, this type of malware gives a remote operator control over an infected system as if they had physical access to it. Bandook has been
Associated Threat Actors
ID: POLONIUM
Type: Unspecified
Votes: 1
Profile Description: Polonium is a threat actor group, believed to be based in Lebanon, that has been responsible for significant cyberattacks on Israel's operational technology (OT) and critical infrastructure. In December, Israel's National Cyber Directorate issued warnings that Polonium had targeted critical sectors

ID: Volatile Cedar
Type: Unspecified
Votes: 1
Profile Description: None
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Dark Caracal threat actor was drawn from the documents listed below. This display is limited to 20 results.
Source: Recorded Future
Created: 6 months ago
Title: What is the Diamond Model of Intrusion Analysis?

Source: DARKReading
Created: 8 months ago
Title: Iran Threatens Israel's Critical Infrastructure With 'Polonium' Proxy

Source: MITRE
Created: a year ago
Title: Bandook: Signed & Delivered - Check Point Research

Source: CERT-EU
Created: a year ago
Title: Links 11/02/2023: Zstandard 1.5.4 Released and Red Hat Promotes Microsoft

Source: CERT-EU
Created: a year ago
Title: 13th February – Threat Intelligence Report - Check Point Research