Private investigators have found a "back door" used by Stealth Falcon, a cybercrime group known for attacking journalists and human rights activists, that enables the group to infiltrate their victims' computers using email, ESET Israel, an IT security company reported on Monday.
Stealth falcon is known to have been active since 2012, is notorious for attacking journalists and political figures. It is allegedly associated with Project Raven, a clandestine team consisting of more than a dozen former US intelligence operatives recruited to help the United Arab Emirates gather intelligence regarding other governments, militants and human rights activists.
Project Raven, operated by former US intelligence agents from a location in Abu Dhabi locally known as "the Villa," uses NSA surveillance techniques to hack into phones and computers of its enemies, namely figures the UAE perceives as a threat, such as human rights activists, journalists and political rivals.
According to ESET Israel, the cybersecurity firm has found a previously unreported "back door" spread using a malicious email that lets Stealth Falcon hack into their victims' computers. The malware that is based on PowerShell, a Windows task automation and configuration management framework, has been used to attack numerous figures in the UAE, Saudi Arabia, Thailand and the Netherlands.
The back door, said ESET Israel, uses a unique technique to communicate with Windows' Background Intelligent Transfer Service (BITS), enabling the malware to bypass almost all firewalls without being detected by antivirus software.REUTERS contributed to this report.