May 30, 2016
A cyber-espionage group codenamed Stealth Falcon is using a combination of home-cooked malware and social engineering tactics to spy on Emirati journalists, activists, and dissidents, The Citizen Lab team at the University of Toronto reported this weekend.
The United Arab Emirates (UAE) has been one of the Hacking Team’s most loyal customers, using its spyware and surveillance software to target and monitor its own citizens, with at least three high-profile cases making it into international media.
But as the Hacking Team’s activities were exposed last summer, the company lost a lot of its customers, who either moved to other government surveillance suppliers such as Finfisher, NSO Group, and Cellebrite, or started developing their own monitoring software.
Stealth Falcon APT campaign leveraged Twitter and shortened URLs
The Citizen Lab team revealed in its latest report that UAE seems to have moved on from Hacking Team’s RCS surveillance kit, and is now using custom spyware developed by an advanced persistent threat (APT) group called Stealth Falcon, whose activities left a trail of breadcrumbs back to the UAE government.