Stealth Falcon
Overview
Stealth Falcon is a threat group that has conducted targeted spyware attacks against Emirati journalists, activists, and dissidents since at least 2012. Circumstantial evidence suggests there could be a link between this group and the United Arab Emirates (UAE) government, but that has not been confirmed.
Targets
Activists · Civil society · Dissidents · Journalists
Regions
United Arab Emirates · United Kingdom
TTPs — 16 techniques across 6 tactics
Execution
- T1047 Windows Management Instrumentation
- T1053.005 Scheduled Task
- T1059 Command and Scripting Interpreter
- T1059.001 PowerShell
Credential Access
- T1555 Credentials from Password Stores
- T1555.003 Credentials from Web Browsers
- T1555.004 Windows Credential Manager
Discovery
- T1012 Query Registry
- T1016 System Network Configuration Discovery
- T1033 System Owner/User Discovery
- T1057 Process Discovery
- T1082 System Information Discovery
Collection
- T1005 Data from Local System
Command and Control
- T1071.001 Web Protocols
- T1573.001 Symmetric Cryptography
Exfiltration
Reporting (1)
- Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents — Marczak, B. and Scott-Railton, J.