Desert Falcon

Threat Actor updated a month ago (2024-11-29T14:42:28.320Z)

Download STIX

Preview STIX

Desert Falcon, also known as TAG-63, AridViper, or APT-C-23, is a threat actor believed to operate under the guidance of the Hamas terrorist organization. This group has been identified through infrastructure analysis associated with a website, revealing a cluster of domains that mimic their unique domain registration tradecraft. The cybersecurity industry identifies Desert Falcon as a significant threat due to its malicious intent and activities. In a recent operation, this threat actor was found behind an Android spyware campaign targeting Arabic-speaking users. The scheme involved a counterfeit dating app designed to harvest data from infected handsets. This attribution was made based on the low-grade malware quality and elaborate social engineering tactics employed in the operation, which are characteristic of the group's modus operandi. The activities of Desert Falcon underscore the increasing sophistication and audacity of cyber threats, especially those linked to politically motivated groups like Hamas. Their operations demonstrate a strategic use of social engineering and malware to compromise systems and gather sensitive information. As such, it is crucial for organizations to maintain robust cybersecurity measures to detect and mitigate such threats promptly.

Description last updated: 2024-03-06T01:44:09.643Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Arid Viper is a possible alias for Desert Falcon. Arid Viper, also known as APT-C-23, Desert Falcons, or Two-tailed Scorpion, is a cyber espionage group that has been active since at least 2013, primarily targeting countries in the Middle East. The group's geographical location remains unknown, but it is associated with Palestinian interests and is	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Desert Falcon Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
Checkpoint	10 months ago	19th February – Threat Intelligence Report - Check Point Research
Recorded Future	a year ago	Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity \| Recorded Future
Recorded Future	a year ago	Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity \| Recorded Future