StealthFalcon
StealthFalcon is an espionage-focused threat actor reported in 2024–2025 activity. Check Point Research reported StealthFalcon exploited a zero-day vulnerability, CVE-2025-33053, to target organizations in Turkey, Qatar, Egypt, Ethiopia, and Yemen. ESET also reported StealthFalcon conducting espionage-focused operations in Türkiye and Pakistan (observed in the Oct 2024–Mar 2025 timeframe). Known alias: “stealthfalcon.”
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Where they target
Geographies tied to known operations.
- 🇹🇷 Türkiye
- 🇶🇦 Qatar
- 🇪🇬 Egypt
- 🇪🇹 Ethiopia
- 🇾🇪 Yemen
Associated vulnerabilities
1 CVE this actor has used in observed campaigns. 1 of them exploited in the wild.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
PSOA-linked actor exploiting a zero-day (CVE-2025-33053) to target high-profile organizations across multiple Middle East/Africa countries.
PSOA-linked actor exploiting a zero-day (CVE-2025-33053) to target high-profile organizations across the Middle East and Africa.
Espionage-focused operations targeting Türkiye and Pakistan.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.