Desert Falcons

Threat Actor Profile Updated a month ago
Desert Falcons, also known as APT-C-23, Arid Viper, or Two-tailed Scorpion, is a threat actor group associated with cyber espionage activities that have been ongoing since at least 2013. This group has targeted countries in the Middle East and has shown links to the Gaza Cybergang Group2, which is known for its medium-level sophistication. The Desert Falcons have been tracked under various names by different cybersecurity firms, such as TAG-63 by Recorded Future, indicating the complexity of their operations and their significant presence in the world of cyber threats. The group's activities have been documented in several publications, including reports detailing their targeted attacks. Their tactics, techniques, and procedures (TTPs) are analyzed, providing insight into their modus operandi. Furthermore, there is evidence of connections to other threat groups, like Operation Parliament (Group3), highlighting the interconnectedness of these malicious entities in the cyber landscape. Desert Falcons demonstrated a peak of activity towards the end of 2017 and the beginning of 2018, suggesting an escalation in their operations during this period. More information on the group's activities and their connections to other threat actors will be presented in future publications. Given their history and the potential for future threats, continued monitoring and analysis of the Desert Falcons' activities are essential for maintaining cybersecurity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Arid Viper | 3 | Arid Viper, also known as APT-C-23, Desert Falcons, or Two-tailed Scorpion, is a cyber espionage group that has been active since at least 2013, primarily targeting countries in the Middle East. The group's geographical location remains unknown, but it is associated with Palestinian interests and is
Gaza Cybergang | 1 | The Gaza Cybergang, a threat actor suspected to be affiliated with the Palestinian militant group Hamas, has been involved in various cyber espionage campaigns targeting both Palestinian and Israeli entities since 2012. The group is known for its use of sophisticated malware, including variants of S
Mantis | 1 | Mantis is a recognized threat actor, known for its sophisticated cyber operations. This group has been linked to several high-profile attacks and campaigns, including one that was tracked by Recorded Future as TAG-63, also known as APT-C-23. Mantis has shown connections to other notable threat group
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Malware
Android
iOS
Windows
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Operation Parliament | Unspecified | 1 | Operation Parliament is a highly sophisticated cyber threat campaign orchestrated by the Gaza Cybergang Group3, a threat actor known for executing actions with malicious intent. This group, which could consist of individuals, private companies, or government entities, has previously conducted operat
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Desert Falcons Threat Actor was read from the documents corpus below.
Source | Created At | Title
ESET | a month ago | Arid Viper poisons Android apps with AridSpy
InfoSecurity-magazine | a month ago | Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware
MITRE | a year ago | Gaza Cybergang Group1, operation SneakyPastes
CERT-EU | 9 months ago | Hamas-linked app offers window into cyber infrastructure, possible links to Iran
CERT-EU | a year ago | For Apple users, tips on improving Wi-Fi performance | Antivirus and Security news
MITRE | a year ago | APT Trends report Q1 2018