Project Raven

Threat Actor Profile Updated 3 months ago
Project Raven, also known as Stealth Falcon or FruityArmor, is a threat actor linked to the United Arab Emirates (UAE), identified by cybersecurity researchers as being active since 2012. This group has been associated with state-sponsored cyber-espionage activities, primarily targeting political activists, journalists, and dissidents in the Middle East. The group's operations have been attributed to various malicious activities, including the deployment of the Deadglyph malware. The group's tactics, techniques, and procedures (TTPs) align closely with those of another threat group, leading to suggestions that they may be one and the same. In January 2019, Reuters published an investigative report on Project Raven, revealing it as an initiative employing former NSA operatives and focusing on similar target demographics as Stealth Falcon. This revelation stirred significant attention in the cybersecurity community, with several analysts and organizations, including Claudio Guarnieri, drawing connections between Stealth Falcon and Project Raven based on overlapping targets and tactics. Amnesty International, based on reports referring to the same targets and attacks, concluded in 2019 that Stealth Falcon and Project Raven are indeed the same group. This conclusion was further supported by ESET, attributing the attacks to Stealth Falcon, aka Project Raven. If these findings hold true, it would signify that a single entity has been conducting a multi-faceted cyber-espionage campaign under different aliases, underscoring the complex and evolving landscape of state-sponsored cyber threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Stealth Falcon | 2 | Stealth Falcon, also known as Project Raven or FruityArmor, is a notable threat actor that has been active since at least 2012. This group is known for its cyber espionage activities primarily in the Middle East, targeting political activists, journalists, and dissidents. The group gained significan |
| Fruityarmor | 1 | FruityArmor, also known as Stealth Falcon or Project Raven, is a threat actor linked to the United Arab Emirates (UAE) according to MITRE. Active since 2012, this group has been associated with cyberespionage activities targeting political activists, journalists, and dissidents primarily in the Midd |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Mitre
State Sponso...
Eset
Malware
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Deadglyph | Unspecified | 1 | Deadglyph is a sophisticated malware, named and detailed by ESET, used in cyberespionage attacks targeted at Middle Eastern governments. The malware is linked to the Stealth Falcon Advanced Persistent Threat (APT) group, also known as FruityArmor, which has been previously associated with the United |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Project Raven Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 10 months ago | UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack |
| CERT-EU | 10 months ago | Stealth Falcon cyber spies use unusual backdoor in attacks on government entities in the Middle East |
| CERT-EU | 10 months ago | Deadglyph: A New Backdoor Linked to Stealth Falcon APT in the Middle East |
| CERT-EU | 10 months ago | New stealthy and modular Deadglyph malware used in govt attacks |
| CERT-EU | 10 months ago | Stealth Falcon preying over Middle Eastern skies with Deadglyph |
| Securityaffairs | 10 months ago | Deadglyph, a very sophisticated and unknown backdoor targets the Middle East |
| CERT-EU | 10 months ago | UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor |