December 22, 2023 at 01:18AM
Microsoft has observed an Iranian threat actor targeting organizations in the Defense Industrial Base sector with a newly discovered backdoor named FalseFont. This backdoor allows remote access, file launching, and data transmission to its command-and-control servers. The campaign aligns with previous activity by the threat actor, indicating an ongoing evolution of their tactics.
Key Takeaways from Newsroom Threat Intelligence Meeting:
– Iranian threat actors are targeting the Defense Industrial Base (DIB) sector with a new backdoor called FalseFont.
– The actor, tracked by Microsoft as Peach Sandstorm (formerly Holmium) and also known as APT33, Elfin, and Refined Kitten, is responsible for the FalseFont backdoor and has been active since at least 2013.
– Microsoft has linked this threat actor to previous password spray attacks against various sectors, with a focus on satellite, defense, and pharmaceutical industries.
– The goal of the attacks is to facilitate intelligence collection in support of Iranian state interests.
– The Israel National Cyber Directorate (INCD) accused Iran and Hezbollah of targeting Ziv Hospital through the hacking crews Agrius and Lebanese Cedar, as well as of a phishing campaign that used a fake advisory for a security flaw in F5 BIG-IP products to deliver wiper malware.
– The scale of the F5 BIG-IP products phishing campaign is currently unknown.