Saturday, December 23, 2023

Hackers target defense companies with new FalseFont malware


Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.

“Microsoft has noticed the Iranian nation-state actor Peach Sandstorm trying to deliver a newly developed backdoor named FalseFont to people working for organizations within the Defense Industrial Base (DIB) sector,” the company said.

The DIB sector targeted in these attacks includes over 100,000 defense companies and subcontractors involved in researching and developing military weapons systems, subsystems, and components.

Also tracked as Peach Sandstorm, HOLMIUM, or Refined Kitten, this hacking group has been active since at least 2013. Its targets span a wide range of industry sectors across the United States, Saudi Arabia, and South Korea, including government, defense, research, finance, and engineering verticals.

FalseFont, the custom backdoor deployed in the campaign disclosed by Microsoft today, gives its operators remote access to compromised systems, file execution, and file transfer to its command-and-control (C2) servers.

According to Microsoft, this malware strain was first observed in the wild around early November 2023.

“The development and use of FalseFont is consistent with Peach Sandstorm activity noticed by Microsoft over the past year, suggesting that Peach Sandstorm is continuing to improve their tradecraft,” Redmond said.

Network defenders are advised to reset credentials for accounts targeted in password spray attacks to reduce the attack surface targeted by APT33 hackers.

They should also revoke session cookies and secure accounts and RDP or Windows Virtual Desktop endpoints using multi-factor authentication (MFA).
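To act on that advice, defenders first have to know which accounts were sprayed. The following is an added example, not code from Microsoft or the original article: it flags source IPs that fail against many accounts with only a few tries each, and lists the accounts to reset. The log tuple format, the function name `find_spray_targets`, and the thresholds are assumptions; the sample records are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: (timestamp, source IP, account, success).
SAMPLE_LOG = [
    ("2023-11-02T08:00:05", "203.0.113.10", "alice", False),
    ("2023-11-02T08:00:09", "203.0.113.10", "bob", False),
    ("2023-11-02T08:00:15", "203.0.113.10", "carol", False),
    ("2023-11-02T08:00:21", "203.0.113.10", "dave", False),
    ("2023-11-02T08:00:26", "203.0.113.10", "erin", False),
    ("2023-11-02T09:10:40", "203.0.113.10", "carol", True),
    ("2023-11-02T08:30:00", "198.51.100.7", "frank", False),
    ("2023-11-02T08:30:20", "198.51.100.7", "frank", False),
    ("2023-11-02T08:31:02", "198.51.100.7", "frank", True),
]

def find_spray_targets(events, min_accounts=4, max_per_account=2,
                       window=timedelta(hours=1)):
    """Flag source IPs that fail against many accounts, a few tries each.

    Thresholds are assumptions to tune per environment. Returns
    {ip: {"targeted": [...], "reset_first": [...]}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), account, ok))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(t, acct) for t, acct, ok in rows if not ok]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it spans at most `window` of failures.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_account = Counter(acct for _, acct in fails[start:end + 1])
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                first = fails[start][0]
                findings[ip] = {
                    "targeted": sorted({a for _, a, _ in rows}),
                    # A success from the spraying IP means the password is
                    # known: reset it and revoke that account's sessions first.
                    "reset_first": sorted(
                        {a for t, a, ok in rows if ok and t >= first}),
                }
                break
    return findings
```

A single user mistyping a password repeatedly (`frank` in the sample) is not flagged, because the failures stay on one account.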

Defense contractors under attack

In September, Microsoft warned of another campaign coordinated by the APT33 threat group that targeted thousands of organizations worldwide, including in the defense sector, in extensive password spray attacks since February 2023.

“Between February and July 2023, Peach Sandstorm carried out a wave of password spray attacks trying to authenticate to thousands of environments,” the Microsoft Threat Intelligence team said.

“Throughout 2023, Peach Sandstorm has consistently demonstrated interest in US and other country’s organizations in the satellite, defense, and to a lesser extent, pharmaceutical sectors.”

The attacks resulted in data theft from a limited number of victims in the defense, satellite, and pharmaceutical sectors.

An Iran-linked hacking group dubbed DEV-0343 by researchers at Microsoft Threat Intelligence Center (MSTIC) also attacked U.S. and Israeli defense tech companies two years ago, according to an October 2012 Microsoft report.

In recent years, defense companies and contractors around the world have also landed in the crosshairs of Russian, North Korean, and Chinese state hackers.




