Lebanon · Widely attributed · Unknown · MITRE G0070

Dark Caracal

Dark Caracal is a threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012.

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. Thresholds: ≥ 10 High, ≥ 3 Moderate, < 3 Low.

0.6 (Low signal strength)

Mentions: 1
Sources: 0
High conf.: 0
Last seen: Jun 2026
First observed: 2018-10-17
Last active:
Origin: Lebanon
Aliases: 1
Techniques: 12
Campaigns: 0

Attribution signals

1 mention · 0 sources
#1 · linked to · moderate
Malware
ciberseguridad-blog
Jun 2026

"PocoRAT emerges as a more advanced and sophisticated version of Bandook, linked to the cybermercenary group Dark Caracal, famous for its espionage campaigns."

Hedge terms observed

linked to