Stealth Falcon (aka FruityArmor) is a cyber espionage group that has been targeting journalists, activists, and dissidents in the Middle East. It uses spear-phishing lures to deliver custom implants capable of executing arbitrary commands. The group has been linked to Project Raven, a clandestine operation involving former U.S. intelligence operatives. It has exploited zero-day vulnerabilities in Windows and previously used a backdoor named Win32/StealthFalcon. Its latest addition is a backdoor called Deadglyph, which stages its shellcode in the Windows Registry: a loader reads the stored blob back out of the Registry and executes it, so the payload never has to sit on disk as an ordinary file. The backdoor communicates with a command-and-control server and can execute tasks, manage modules, and upload the output of the commands it runs. Deadglyph employs counter-detection mechanisms and can uninstall itself to reduce the chance of being discovered.
- Stealth Falcon is a cyber espionage group targeting individuals in the Middle East.
- They use spear-phishing lures to deliver custom implants for executing commands.
- They have been linked to Project Raven, a covert operation involving former U.S. intelligence operatives.
- They have exploited zero-day vulnerabilities in Windows and used a backdoor named Win32/StealthFalcon.
- Their latest addition is a backdoor called Deadglyph, which stages its shellcode in the Windows Registry and has a loader retrieve and execute it from there.
- Deadglyph communicates with a command-and-control server and can execute tasks, manage modules, and upload command outputs.
- It employs counter-detection mechanisms and can uninstall itself to reduce the chance of being discovered.
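Storing a payload as a Registry value rather than a file is the one concrete technique this summary describes, and it suggests a simple hunt: Registry values that are unusually large and unusually dense (encrypted or encoded shellcode is close to random, so its byte entropy sits near 8 bits/byte). The script below is an added example written for this page, not code from ESET or from the Deadglyph analysis; it parses a standard `.reg` export (as produced by `reg export HKLM\SOFTWARE out.reg /y`) offline and reports hex values above a size and entropy threshold. The `.reg` content, the key paths, the value names and the thresholds (`MIN_BLOB_SIZE`, `MIN_ENTROPY`) are all constructed assumptions, and the `hunt_reg_export` / `parse_reg_export` / `shannon_entropy` names are mine.

```python
import math
import random
import re
from dataclasses import dataclass

# Heuristic thresholds (assumptions; tune per environment): a value must be at
# least this large and this dense to be reported. Real stagers are usually far
# larger, and encrypted or packed data sits near 8.0 bits/byte.
MIN_BLOB_SIZE = 1024
MIN_ENTROPY = 7.0


@dataclass
class Finding:
    key: str
    name: str
    size: int
    entropy: float


# Matches '"Name"=hex:...' and typed variants such as '"Name"=hex(2):...'.
_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=hex(?:\((?P<kind>[0-9a-fA-F]+)\))?:(?P<data>.*)$'
)


def _decode_hex(hexdata: str) -> bytes:
    """Turn 'aa,bb,cc' (trailing commas tolerated) into bytes."""
    return bytes(int(h, 16) for h in hexdata.split(",") if h.strip())


def parse_reg_export(text: str):
    """Yield (key, value_name, bytes) for every hex-typed value in a .reg export.

    Long values are wrapped by regedit: each wrapped line ends with a backslash
    and the continuation is indented, so lines are joined before decoding.
    """
    key = None
    pending = None  # [value_name, accumulated hex text] while inside a wrapped value
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            pending[1] += line.rstrip("\\")
            if not line.endswith("\\"):
                name, hexdata = pending
                pending = None
                yield key, name, _decode_hex(hexdata)
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue  # strings, dwords, blank lines, header
        data = m.group("data")
        if data.endswith("\\"):
            pending = [m.group("name"), data.rstrip("\\")]
        else:
            yield key, m.group("name"), _decode_hex(data)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-symbol input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c) or 0.0


def hunt_reg_export(text: str, min_size=MIN_BLOB_SIZE, min_entropy=MIN_ENTROPY):
    """Report hex values that are both large and high-entropy."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if len(data) < min_size:
            continue
        ent = shannon_entropy(data)
        if ent >= min_entropy:
            findings.append(Finding(key, name, len(data), round(ent, 2)))
    return findings


def _hex_value(name: str, data: bytes, per_line: int = 25) -> str:
    """Render bytes in regedit's wrapped 'hex:' syntax (used to build the sample)."""
    parts = [f"{b:02x}" for b in data]
    lines = [",".join(parts[i:i + per_line]) for i in range(0, len(parts), per_line)]
    return f'"{name}"=hex:' + ",\\\n  ".join(lines)


# Constructed sample export (not a real Deadglyph artifact): a small blob, a
# large but all-zero blob, and a large pseudo-random blob standing in for an
# encrypted stage. Only the last one should be reported.
_rng = random.Random(20230925)
_STAGE = bytes(_rng.getrandbits(8) for _ in range(2048))
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Config]",
    '"Version"=dword:00000003',
    '"Theme"="dark"',
    _hex_value("SmallBlob", bytes(range(16))),
    _hex_value("Padding", b"\x00" * 2048),
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Cache]",
    _hex_value("Stage", _STAGE),
    "",
])

if __name__ == "__main__":
    for f in hunt_reg_export(SAMPLE_REG):
        print(f"{f.key}\\{f.name}: {f.size} bytes, entropy {f.entropy} bits/byte")
```

The entropy gate is what keeps this usable: plenty of legitimate values (caches, icons, layout blobs) are large, and the all-zero `Padding` value shows a big but low-entropy blob being dropped. Compressed legitimate data will still score high, so treat hits as leads to examine, and pair the scan with a look at whatever process or scheduled task reads the flagged value.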