Project Raven

Threat Actor updated 5 months ago (2024-05-04T17:24:05.311Z)

Download STIX

Preview STIX

Project Raven, also known as Stealth Falcon or FruityArmor, is a threat actor linked to the United Arab Emirates (UAE), identified by cybersecurity researchers as being active since 2012. This group has been associated with state-sponsored cyber-espionage activities, primarily targeting political activists, journalists, and dissidents in the Middle East. The group's operations have been attributed to various malicious activities, including the deployment of the Deadglyph malware. The group's tactics, techniques, and procedures (TTPs) align closely with those of another threat group, leading to suggestions that they may be one and the same. In January 2019, Reuters published an investigative report on Project Raven, revealing it as an initiative employing former NSA operatives and focusing on similar target demographics as Stealth Falcon. This revelation stirred significant attention in the cybersecurity community, with several analysts and organizations, including Claudio Guarnieri, drawing connections between Stealth Falcon and Project Raven based on overlapping targets and tactics. Amnesty International, based on reports referring to the same targets and attacks, concluded in 2019 that Stealth Falcon and Project Raven are indeed the same group. This conclusion was further supported by ESET, attributing the attacks to Stealth Falcon, aka Project Raven. If these findings hold true, it would signify that a single entity has been conducting a multi-faceted cyber-espionage campaign under different aliases, underscoring the complex and evolving landscape of state-sponsored cyber threats.

Description last updated: 2024-05-04T17:12:36.806Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Stealth Falcon is a possible alias for Project Raven. Stealth Falcon, also known as Project Raven or FruityArmor, is a notable threat actor that has been active since at least 2012. This group is known for its cyber espionage activities primarily in the Middle East, targeting political activists, journalists, and dissidents. The group gained significan	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Project Raven Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack
CERT-EU	a year ago	Stealth Falcon cyber spies use unusual backdoor in attacks on government entities in the Middle East
CERT-EU	a year ago	Deadglyph: A New Backdoor Linked to Stealth Falcon APT in the Middle East
CERT-EU	a year ago	New stealthy and modular Deadglyph malware used in govt attacks
CERT-EU	a year ago	Stealth Falcon preying over Middle Eastern skies with Deadglyph
Securityaffairs	a year ago	Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
CERT-EU	a year ago	UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor