Fruityarmor

Threat Actor updated 7 months ago (2024-11-29T14:05:49.309Z)

Download STIX

Preview STIX

FruityArmor, also known as Stealth Falcon or Project Raven, is a threat actor linked to the United Arab Emirates (UAE), according to MITRE. Active since 2012, this state-sponsored hacking group is known for targeting political activists, journalists, and dissidents in the Middle East. The cybersecurity industry often uses various names interchangeably to refer to such groups, which can be comprised of individuals, companies, or government entities. In September 2023, ESET published a report detailing a new and sophisticated backdoor used by FruityArmor, named DeadGlyph. This malware represents a significant advancement in the group's capabilities, enabling them to carry out cyberespionage attacks with increased sophistication. The Deadglyph malware was attributed to Stealth Falcon, underscoring its ongoing threat activity and development of new tools for malicious purposes. New cyberespionage attacks have been launched by Stealth Falcon using the novel Deadglyph malware, as reported by SC Magazine and The Hacker News in late September 2023. These reports underscore the persistent and evolving threat posed by FruityArmor, particularly given their focus on sensitive targets such as political activists and journalists. As such, it is crucial for organizations and individuals within their target demographic to remain vigilant and implement robust cybersecurity measures.

Description last updated: 2024-11-28T11:45:09.090Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Stealth Falcon is a possible alias for Fruityarmor. Stealth Falcon, also known as Project Raven or FruityArmor, is a notable threat actor that has been active since at least 2012. This group is known for its cyber espionage activities primarily in the Middle East, targeting political activists, journalists, and dissidents. The group gained significan	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Backdoor

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Deadglyph Malware is associated with Fruityarmor. Deadglyph is a sophisticated malware, or malicious software, discovered in September 2023 by ESET researchers. It was identified as a new backdoor used by the FruityArmor threat actor, also known as Stealth Falcon, primarily targeting Middle Eastern governments. The malware consists of a native x64	Unspecified	2

Source Document References

Information about the Fruityarmor Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Checkpoint	25 days ago	Stealth Falcon's Exploit of Microsoft Zero Day Vulnerability - Check Point Research
Securelist	7 months ago	Kaspersky report on APT trends in Q3 2024
CERT-EU	2 years ago	DHS: US critical infrastructure facing malicious AI threat
CERT-EU	2 years ago	New Deadglyph backdoor detailed
CERT-EU	2 years ago	Stealth Falcon cyber spies use unusual backdoor in attacks on government entities in the Middle East
CERT-EU	2 years ago	New stealthy and modular Deadglyph malware used in govt attacks
CERT-EU	2 years ago	Stealth Falcon preying over Middle Eastern skies with Deadglyph