Group: Stealth Falcon

Stealth Falcon
ID: G0038
Aliases: Stealth Falcon

Stealth Falcon is a threat group that has conducted targeted spyware attacks against Emirati journalists, activists, and dissidents since at least 2012. Circumstantial evidence suggests there could be a link between this group and the United Arab Emirates (UAE) government, but that has not been confirmed. [1]

Alias Descriptions

  • Stealth Falcon - [1]

Techniques Used

  • PowerShell - Stealth Falcon malware uses PowerShell commands to perform various functions, including gathering system information via WMI and executing commands from its C2 server. [1]
  • Credential Dumping - Stealth Falcon malware gathers passwords from multiple sources, including Windows Credential Vault, Internet Explorer, Firefox, Chrome, and Outlook. [1]
  • Scripting - Stealth Falcon malware uses PowerShell and WMI to script data collection and command execution on the victim. [1]