{"id":4859,"date":"2015-02-24T03:29:50","date_gmt":"2015-02-24T03:29:50","guid":{"rendered":"http:\/\/kasperskydaily.com\/brazil\/?p=4859"},"modified":"2019-11-22T08:00:06","modified_gmt":"2019-11-22T11:00:06","slug":"falcoes-do-deserto-a-apt-do-oriente-medio","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.br\/blog\/falcoes-do-deserto-a-apt-do-oriente-medio\/4859\/","title":{"rendered":"Desert Falcons: The Middle East APT"},"content":{"rendered":"<p><span title=\"Cancun, Mexico \u2014 Researchers from Kaspersky Lab have uncovered the first ever Arabic language advanced persistent threat (APT) group.\">Cancun, Mexico \u2013 Kaspersky Lab researchers have uncovered the first Arabic-language APT (advanced persistent threat) group. <\/span><span title=\"Dubbed Desert Falcons, the group of thirty or so attackers \u2014 some of whom are known by name \u2014 operates out of Palestine, Egypt and Turkey and is said to have developed and deployed their wares exclusively in the Middle East.\">Dubbed Desert Falcons, the group of thirty or so attackers \u2013 some of whom are known by name \u2013 operates out of Palestine, Egypt and Turkey and is said to have developed and deployed its wares exclusively in the Middle East. <\/span>It is impossible to determine whether the Desert Falcons are state-sponsored.<\/p>\n<p><span title=\"Their arsenal consists of homemade malware tools and social engineering and other techniques designed to execute and conceal campaigns on traditional and mobile operating system.\">Their arsenal consists of homemade malware tools, social engineering and other techniques designed to execute and conceal campaigns on both traditional and mobile operating systems. 
<\/span>In particular, the Desert Falcons' malware is designed to steal sensitive information from its victims, which is then used to fuel further operations and even extortion attempts against affected targets.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Go in-depth with the <a href=\"https:\/\/twitter.com\/hashtag\/FalconsAPT?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#FalconsAPT<\/a> and read our exclusive report <a href=\"https:\/\/twitter.com\/hashtag\/TheSAS2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#TheSAS2015<\/a> \u2013 <a href=\"http:\/\/t.co\/Tb6Ag44DtN\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/Tb6Ag44DtN<\/a> <a href=\"http:\/\/t.co\/4Ajw672WZT\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/4Ajw672WZT<\/a><\/p>\n<p>\u2014 KasperskyUK (@kasperskyuk) <a href=\"https:\/\/twitter.com\/kasperskyuk\/status\/568376982280507392?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 19, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to Kaspersky Lab's GReAT team, the victims are targeted for the secrets in their possession or intelligence information relating to their positions in governments or important organizations.<\/p>\n<div class=\"pullquote\">More than 1 million files were stolen from the victims<\/div>\n<p>\u201cMore than 1 million files were stolen from the victims,\u201d the anti-malware company stated. 
\u201cThe stolen files include diplomatic communications from embassies, military plans and documents, financial documents, VIP and media contact lists, as well as files.\u201d<br>\n<span title=\"Desert Falcons' attacks have claimed some 3000 victims in more than 50 countries.\">The Desert Falcons' attacks have claimed some 3,000 victims in more than 50 countries. <\/span>Most of them are in Palestine, Egypt, Israel and Jordan, but victims have also been found in Saudi Arabia, the United Arab Emirates, the US, South Korea, Morocco and Qatar, among other places.<\/p>\n<p>The Falcons of the #DesertoAPT revealed by @KasperskyLab at #TheSAS2015 are the first #APT exclusive to the Middle East.<\/p>\n<p><span title=\"The victims include Military and Government organizations, employees responsible for health organizations, combating money laundering, economic and financial institutions, leading media entities, research and educational institutions, energy and utilities providers, activists and political leaders, physical security companies and other targets that have\">The victims include military and government organizations, officials responsible for health services, organizations combating money laundering, economic and financial institutions, leading media outlets, research and educational institutions, energy and utility providers, activists and political leaders, physical security companies and other targets that have <\/span>access to important geopolitical information.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/94\/2015\/02\/06141413\/desert-falcons-2.jpg\"><img decoding=\"async\" 
class=\"aligncenter size-full wp-image-4861\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/94\/2015\/02\/06141413\/desert-falcons-2.jpg\" alt=\"desert-falcons-2\" width=\"748\" height=\"366\"><\/a><br>\n<span title=\"Tools used in the Desert Falcons attack include backdoors into traditional computers through which the attackers install malware capable of logging keystrokes, taking screenshots and even remotely recording audio.\">The tools used in the Desert Falcons attacks include backdoors into traditional computers through which the attackers install malware capable of logging keystrokes, taking screenshots and even recording audio remotely. <\/span>There is also a mobile component for Android capable of spying on SMS text messages and call logs.<\/p>\n<p>Interestingly, the researchers, who presented the Desert Falcons at Kaspersky Lab's Security Analyst Summit, said the group is the first to use Facebook chat in targeted attacks, connecting with victims through ordinary Facebook pages until gaining their trust and then sending them Trojan files over chat, hidden in a photo.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/94\/2015\/02\/06141412\/desert-falcons-3-1024x568.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-4862\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/94\/2015\/02\/06141412\/desert-falcons-3-1024x568.jpg\" alt=\"desert-falcons-3\" width=\"1533\" height=\"850\"><\/a><\/p>\n<p><span title=\"The group began building its tools as early as 2011 and achieved its first infections in 2013, but it wasn't until the end of 2014 and the beginning of 2015 that Desert Falcon's activity really began to spike.\">The group began building its 
tools as early as 2011 and achieved its first infections in 2013, but it wasn't until the end of 2014 and the beginning of 2015 that the Desert Falcons' activity really began to spike. <\/span><br>\n<span title=\"Kaspersky Lab says its products detect and block all variants of the malware used in this campaign.\">Kaspersky Lab says its products detect and block all variants of the malware used in this campaign.<\/span><\/p>\n<p style=\"text-align: right\"><em>Translation: Juliana Costa Santos Dias<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cancun, Mexico \u2013 Kaspersky Lab researchers have uncovered the first Arabic-language APT (advanced persistent threat) group. Dubbed Desert Falcons, the group of more or<\/p>\n","protected":false},"author":42,"featured_media":4853,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1260,14],"tags":[71,532,533,530,35,531,141,534,524],"class_list":{"0":"post-4859","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-news","9":"tag-apt","10":"tag-arabe","11":"tag-espiar","12":"tag-falcoes-do-deserto","13":"tag-malware-2","14":"tag-medio-oriente","15":"tag-sas","16":"tag-summit-analista-de-seguranca","17":"tag-thesas2015"},"hreflang":[{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/falcoes-do-deserto-a-apt-do-oriente-medio\/4859\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.br\/blog\/tag\/apt\/","name":"APT"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/posts\/4859","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/
v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/comments?post=4859"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/posts\/4859\/revisions"}],"predecessor-version":[{"id":13408,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/posts\/4859\/revisions\/13408"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/media\/4853"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/media?parent=4859"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/categories?post=4859"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/tags?post=4859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}