Desert Falcon

Threat Actor updated a month ago (2024-11-29T14:42:28.320Z)
Download STIX
Preview STIX
Desert Falcon, also known as TAG-63, AridViper, or APT-C-23, is a threat actor believed to operate under the guidance of the Hamas terrorist organization. This group has been identified through infrastructure analysis associated with a website, revealing a cluster of domains that mimic their unique domain registration tradecraft. The cybersecurity industry identifies Desert Falcon as a significant threat due to its malicious intent and activities. In a recent operation, this threat actor was found behind an Android spyware campaign targeting Arabic-speaking users. The scheme involved a counterfeit dating app designed to harvest data from infected handsets. This attribution was made based on the low-grade malware quality and elaborate social engineering tactics employed in the operation, which are characteristic of the group's modus operandi. The activities of Desert Falcon underscore the increasing sophistication and audacity of cyber threats, especially those linked to politically motivated groups like Hamas. Their operations demonstrate a strategic use of social engineering and malware to compromise systems and gather sensitive information. As such, it is crucial for organizations to maintain robust cybersecurity measures to detect and mitigate such threats promptly.
Description last updated: 2024-03-06T01:44:09.643Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Arid Viper is a possible alias for Desert Falcon. Arid Viper, also known as APT-C-23, Desert Falcons, or Two-tailed Scorpion, is a cyber espionage group that has been active since at least 2013, primarily targeting countries in the Middle East. The group's geographical location remains unknown, but it is associated with Palestinian interests and is
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Desert Falcon Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more