Desert Falcon

Threat Actor Profile Updated 13 days ago
Download STIX
Preview STIX
Desert Falcon, also known as TAG-63, AridViper, or APT-C-23, is a threat actor believed to operate under the guidance of the Hamas terrorist organization. This group has been identified through infrastructure analysis associated with a website, revealing a cluster of domains that mimic their unique domain registration tradecraft. The cybersecurity industry identifies Desert Falcon as a significant threat due to its malicious intent and activities. In a recent operation, this threat actor was found behind an Android spyware campaign targeting Arabic-speaking users. The scheme involved a counterfeit dating app designed to harvest data from infected handsets. This attribution was made based on the low-grade malware quality and elaborate social engineering tactics employed in the operation, which are characteristic of the group's modus operandi. The activities of Desert Falcon underscore the increasing sophistication and audacity of cyber threats, especially those linked to politically motivated groups like Hamas. Their operations demonstrate a strategic use of social engineering and malware to compromise systems and gather sensitive information. As such, it is crucial for organizations to maintain robust cybersecurity measures to detect and mitigate such threats promptly.
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Arid Viper
2
Arid Viper, also known as APT-C-23 or Desert Falcon, is a threat actor associated with Palestinian interests and has been conducting cyber espionage activities throughout the Middle East. According to a paper titled "Reinventing the steal: Arid Viper now with a Rusty flavour" presented at VB2023, Ar
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Desert Falcon Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Checkpoint
3 months ago
19th February – Threat Intelligence Report - Check Point Research
CERT-EU
7 months ago
Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
Recorded Future
4 months ago
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future
Recorded Future
7 months ago
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future