Former NSA agents target journalists and human rights activists

Stealth Falcon is known to have been active since 2012 and is notorious for attacking journalists and political figures.

By LEON SVERDLOV
September 11, 2019 00:48

Employees, mostly veterans of military computing units, use keyboards as they work at a cyber hotline facility at Israel's Computer Emergency Response Centre (CERT) in Beersheba, southern Israel. (photo credit: REUTERS/AMIR COHEN)

Private investigators have found a "back door" used by Stealth Falcon, a cybercrime group known for attacking journalists and human rights activists, that enables the group to infiltrate its victims' computers using email, ESET Israel, an IT security company, reported on Monday.

Stealth Falcon is known to have been active since 2012 and is notorious for attacking journalists and political figures. It is allegedly associated with Project Raven, a clandestine team consisting of more than a dozen former US intelligence operatives recruited to help the United Arab Emirates gather intelligence regarding other governments, militants and human rights activists.
Project Raven, operated by former US intelligence agents from a location in Abu Dhabi locally known as "the Villa," uses NSA surveillance techniques to hack into phones and computers of its enemies, namely figures the UAE perceives as a threat, such as human rights activists, journalists and political rivals.


According to ESET Israel, the cybersecurity firm has found a previously unreported "back door," spread using a malicious email, that lets Stealth Falcon hack into its victims' computers. The malware, which is based on PowerShell, a Windows task automation and configuration management framework, has been used to attack numerous figures in the UAE, Saudi Arabia, Thailand and the Netherlands.


The back door, said ESET Israel, uses a unique technique to communicate with Windows' Background Intelligent Transfer Service (BITS), enabling the malware to bypass almost all firewalls without being detected by antivirus software.

REUTERS contributed to this report.

