Menu
Arabic cyberespionage group attacking Middle Eastern, other targets

Arabic cyberespionage group attacking Middle Eastern, other targets

The Desert Falcons mercenary group has stolen more than 1 million files since 2013

An Arabic cyberespionage group has attacked thousands of high-profile targets in Egypt, Israel, Jordan and other countries for the past two years, cybersecurity vendor Kaspersky Lab said.

The cybermercenaries, which the vendor dubbed the Desert Falcons, has stolen more than 1 million files from 3,000 victims in more than 50 countries, Kaspersky Lab said Tuesday. The group, likely native Arabic speakers, began in 2011, with the first infections coming in 2013, the company said.

Targeted countries include Algeria, Lebanon, Turkey and the United Arab Emirates in the Middle East, and the U.S., Russia, France and Sweden beyond the region, Kaspersky said.

The group's motivation seems to be political, with targets including industry, politicians and prominent activists, said Dmitry Bestuzhev, a security expert at Kaspersky's Lobal Research and Analysis Team.

Whoever is behind the group is not interested in money but in secret classified information that can offer advantages in negotiations or political maneuvering, he said by email.

The attackers appears to be using the stolen information "exclusively for their own needs," he added. The information has not been offered for sale or exposed publicly.

The group uses phishing attacks through email, social-networking sites and chat messages to gain access to an organization, then plants two backdoors in computer systems, Kaspersky said. The backdoor malware, which appears to be developed from scratch, gives the attackers the ability to take screen shots, log keystrokes, upload and download files and collect Word and Excel files on a victim's hard drive or connected USB device, the company said.

The Desert Falcons have targeted Windows and Android systems, the vendor said.

The group has used several techniques to entice victims to run malicious files, including the so-called right-to-left extension override trick, a way in Unicode to reverse the order of characters in a file name, the cybersecurity vendors said.

This is the third major cyberthreat announcement Kaspersky Lab has made this week. On Sunday, the company reported that a still-active cybercriminal gang has stolen up to US $1 billion from banks in at least 25 countries over the last two years.

And on Monday, Kaspersky reported that a cyberespionage group using tools similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries such as Iran and Russia.

The Desert Falcons group is made up of at least 30 people, operating in three teams and spread across several countries, according to Kaspersky estimates.

The group's members are "highly determined, active and with good technical, political and cultural insight," Bestuzhev said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Dmitry Bestuzhevsecuritydata breachExploits / vulnerabilitieskaspersky lab

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments