It is apparently the first known Arabic-speaking hacker group capable of developing and running cyber-espionage operations. Kaspersky Lab says it has multiple reasons to believe that the attackers are native Arabic speakers.
The team has been targeting military and government institutions, leading media outlets, research and education institutions, energy and utilities providers, activists and political leaders, physical security companies, as well as others thought to possess important geopolitical information.
So far, Kaspersky Lab has identified 100 malware samples distributed by the attackers.
The Kaspersky team says the Desert Falcons first came into being in 2011, when they started developing and building their operation. However, the actual infection campaign was launched in 2013, with the peak of activity registered last month.
The countries targeted the most are said to be Egypt, Palestine, Israel and Jordan. However, victims have also been found in Qatar, the United Arab Emirates, Saudi Arabia, Algeria, Lebanon, Turkey and the US. Their malware has also penetrated into Europe, infecting machines in Norway, Sweden, France and Russia.
The group mostly gains a foothold through spear phishing via e-mail, social media posts and chat messages, primarily targeting Windows computers and Android devices.
The attackers are believed to have been using the right-to-left override trick to entice victims into running the malicious files attached to their phishing messages. The trick inserts a Unicode right-to-left override control character into a file name so that the characters after it are displayed in reverse order: the real, dangerous extension ends up in the middle of the displayed name, while a harmless-looking extension appears at the end, making the malware look like an ordinary document or PDF file and prompting the user to open it.
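As an added illustration (not code from the article or from Kaspersky Lab), the following Python shows how a right-to-left override character changes the name a user sees for an attachment, and how a mail gateway or endpoint check can flag such names by comparing the displayed extension with the one the operating system will actually use. The file names are constructed samples.

```python
import unicodedata
from pathlib import PurePosixPath

# Bidirectional classes of the Unicode explicit formatting controls
# (U+202A..U+202E and U+2066..U+2069); legitimate file names rarely need them.
BIDI_FORMAT_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE


def is_bidi_control(ch: str) -> bool:
    return unicodedata.bidirectional(ch) in BIDI_FORMAT_CLASSES


def displayed_name(name: str) -> str:
    """Approximate how a file manager renders a name containing one RLO:
    everything after U+202E is drawn reversed. This is a simplification of
    the Unicode bidi algorithm that covers the single-override trick."""
    if RLO not in name:
        return name
    head, tail = name.split(RLO, 1)
    return head + tail[::-1]


def true_extension(name: str) -> str:
    """The extension the OS actually uses: control characters do not count."""
    cleaned = "".join(ch for ch in name if not is_bidi_control(ch))
    return PurePosixPath(cleaned).suffix.lower()


def inspect_attachment(name: str) -> dict:
    """Flag a name that contains bidi controls or whose displayed extension
    differs from the real one; both conditions indicate disguise."""
    shown = displayed_name(name)
    shown_ext = PurePosixPath(shown).suffix.lower()
    real_ext = true_extension(name)
    has_bidi = any(is_bidi_control(ch) for ch in name)
    return {
        "displayed": shown,
        "displayed_ext": shown_ext,
        "real_ext": real_ext,
        "suspicious": has_bidi or shown_ext != real_ext,
    }


if __name__ == "__main__":
    # Constructed samples: one disguised executable, one ordinary document.
    for sample in ("report_" + RLO + "fdp.exe", "quarterly_summary.pdf"):
        print(inspect_attachment(sample))
```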
Earlier in the week, Kaspersky Lab reported on another cyber-espionage group that infected over 500 computers in more than 30 countries, targeting governments and financial institutions among others.
Equation Group was not linked to any country, but Kaspersky Lab hinted at links between the recently found malware and Stuxnet, a worm allegedly used by the US National Security Agency against Iran's nuclear facility in 2010.