David Driker

Stealth Falcon: A Saga of Middle Eastern Cyber Espionage

Over the past few years, Check Point has been closely monitoring the activities of Stealth Falcon, a particularly intriguing APT group operating primarily in the Middle East. Known for its espionage campaigns across the Middle East and Africa, the group employs a distinctive and relatively advanced custom toolset.

During routine threat monitoring, we uncovered an unusual technique being used by the group. This technique was later confirmed by Microsoft as a previously unknown zero-day vulnerability that allows remote code execution via manipulation of the working directory.

In this talk, we will share how we discovered this zero-day and examine the specific techniques used by the threat actors. We will also present the latest additions to Stealth Falcon’s arsenal, and delve into the challenges and key findings encountered while tracking their evolving infrastructure.


David Driker is a Security Researcher focusing on Malware Research at Check Point Research. David joined Check Point in 2019, and before that he was a Full Stack Developer for 5 years. David's research includes a mix of malware research into cybercrime and Advanced Persistent Threat campaigns. When not researching malware, he enjoys casual gaming and reading.
