Desert Falcon

Threat Actor Profile Updated 3 months ago
Desert Falcon, also known as TAG-63, AridViper, or APT-C-23, is a threat actor believed to operate under the guidance of the Hamas terrorist organization. This group has been identified through infrastructure analysis associated with a website, revealing a cluster of domains that mimic their unique domain registration tradecraft. The cybersecurity industry identifies Desert Falcon as a significant threat due to its malicious intent and activities.

In a recent operation, this threat actor was found behind an Android spyware campaign targeting Arabic-speaking users. The scheme involved a counterfeit dating app designed to harvest data from infected handsets. This attribution was made based on the low-grade malware quality and elaborate social engineering tactics employed in the operation, which are characteristic of the group's modus operandi.

The activities of Desert Falcon underscore the increasing sophistication and audacity of cyber threats, especially those linked to politically motivated groups like Hamas. Their operations demonstrate a strategic use of social engineering and malware to compromise systems and gather sensitive information. As such, it is crucial for organizations to maintain robust cybersecurity measures to detect and mitigate such threats promptly.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Arid Viper | 2 | Arid Viper, also known as APT-C-23, Desert Falcons, or Two-tailed Scorpion, is a cyber espionage group that has been active since at least 2013, primarily targeting countries in the Middle East. The group's geographical location remains unknown, but it is associated with Palestinian interests and is
Aridviper | 1 | None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Domains
Malware
Hamas
Android
Spyware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Desert Falcon Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 9 months ago | Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
Checkpoint | 5 months ago | 19th February – Threat Intelligence Report - Check Point Research
Recorded Future | 7 months ago | Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future
Recorded Future | 9 months ago | Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future