UAE-Linked 'Stealth Falcon' APT Mimics Microsoft In Homoglyph Attack

Researchers have recently discovered a sophisticated backdoor with unusual architecture, dubbed “Deadglyph,” used in a cyber-espionage attack in the Middle East against a government agency. The malware is attributed to the Stealth Falcon advanced persistent threat (APT), a United Arab Emirates (UAE) state-sponsored group.

In a routine monitoring of suspicious activities for some of its Middle East high-profile customers, ESET gleaned details on a custom attack that uses homoglyphs, mimicking the name of technology giant Microsoft inside unicode strings. In this case, Cyrillic “M” and Greek “o” alphabet letters where used in place of the standard Latin characters usually used in English, in the string “Microsoft Corporation.”

The APT is living up to the “stealth” in its name, too. For instance, the Deadglyph malware does not receive traditional backdoor commands from the backdoor binary but instead receives its functions dynamically from a command-and-control (C2) server in the form of modules. These use Windows and custom Executor APIs to enable dozens of capabilities, including loading executables, file operations, token impersonation, and encryption and hashing. This approach means that threat actors can create as many modules as needed in order to customize the attacks.

In addition to this, the backdoor employs anti-detection mechanisms such as continuously monitoring system processes as well as implementing randomized network patterns.

Three out of nine modules have been uncovered — process creator, file reader, and an info collector — indicating that researchers still don’t know the full breadth of Deadglyph’s capabilities. ESET also discovered a shellcode downloader that could be used to install the malware.

In the past, Stealth Falcon (aka Fruity Armor or Project Raven) has been known to target political activists, dissidents, and journalists in the Middle East. This latest attack occurred somewhere in the region of the Anatolian and Arabian peninsulas, according to ESET. The firm also noted that a second sample of the malware was uploaded to Virus Total, from Qatar.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

SEO Powered Content & PR Distribution. Get Amplified Today.
PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
Source: https://www.darkreading.com/dr-global/stealth-falcon-apt-microsoft-homoglyph-attack

Generative Data Intelligence

UAE-Linked ‘Stealth Falcon’ APT Mimics Microsoft in Homoglyph Attack

The Dencun Catalyst: Ethereum’s Layer 2 Transactions Skyrocket by 200% Post-Upgrade

Ethereum’s Layer 2 Ecosystem Thrives with 200% Surge Post-Dencun Upgrade as Crypto Landscape Evolves

Latest Intelligence

Dencun Upgrade Fuels 200% Surge in Ethereum Layer 2 Transactions Amidst Crypto Policy Reforms and Market Trends

Explosive Growth in Ethereum Layer 2 Transactions Post-Dencun Upgrade Amidst Crypto Ecosystem Upheavals

Blockchain Breakthroughs and Policy Pivots: Ethereum’s Post-Dencun Surge, Biden’s Crypto Stance, and Global Crypto Dynamics

Surge in Ethereum’s Efficiency: Layer 2 Transactions Soar 200% Post-Dencun Upgrade and Crypto’s Evolving Landscape

Decentralized Surge: Ethereum’s Layer 2 Transactions Skyrocket Post-Dencun Upgrade Amidst Dynamic Crypto Ecosystem Changes

Blockchain Breakthroughs & Crypto Dynamics: Ethereum’s Dencun Upgrade Fuels 200% Surge in Layer 2 Transactions Amidst Global Crypto Developments