The attack on Donaghy - and the Twitter attacks - involved a malicious URL shortening site. Of the 27 targets, 24 were obviously linked to the UAE, based on their profile information (e.g., photos, “UAE” in account name, location), and at least six targets appeared to be operated by people who were arrested, sought for arrest, or convicted in absentia by the UAE government, in relation to their Twitter activity. We found 31 public tweets sent by Stealth Falcon, 30 of which were directly targeted at one of 27 victims. We also identified other bait content employed by this threat actor.
We traced digital artifacts used in this campaign to links sent from an activist’s Twitter account in December 2012, a period when it appears to have been under government control. 2Ĭircumstantial evidence suggests a link between Stealth Falcon and the UAE government. Donaghy has written critically of the United Arab Emirates (UAE) government in the past, 1 and had recently published a series of articles based on leaked emails involving members of the UAE government. Donaghy, a UK-based journalist and founder of the Emirates Center for Human Rights, received a spyware-laden email in November 2015, purporting to offer him a position on a human rights panel. We discovered this campaign when an individual purporting to be from an apparently fictitious organization called “The Right to Fight” contacted Rori Donaghy. The attacks have been conducted from 2012 until the present, against Emirati journalists, activists, and dissidents. This report describes a campaign of targeted spyware attacks carried out by a sophisticated operator, which we call Stealth Falcon.
0 kommentar(er)
