Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE

August 29, 2024 at 06:07AM

Microsoft has identified an Iranian state-sponsored threat actor, Peach Sandstorm, using a new custom backdoor named Tickler in attacks on organizations in the US and the UAE. The group has targeted employees at US defense industrial base organizations and leveraged LinkedIn for intelligence gathering. They have also conducted password spray attacks. Microsoft’s report aligns with related advisories from Google Cloud’s Mandiant and the US government regarding Iranian state-sponsored actors’ activities.

Key takeaways from the report:

– An Iranian state-sponsored threat actor, known by various names including Peach Sandstorm and APT33, has been using a new custom backdoor called Tickler in attacks targeting organizations in the United States and the United Arab Emirates.

– Microsoft has observed Peach Sandstorm targeting employees at US defense industrial base organizations and leveraging LinkedIn for intelligence gathering and social engineering attacks. The threat actor has also been carrying out password spray attacks against organizations in the defense, space, education, and government sectors in the US and Australia.

– Peach Sandstorm has been using Tickler, a custom multi-stage backdoor, to conduct intelligence gathering operations targeting satellite, communications equipment, government, and oil and gas organizations in the US and UAE. The backdoor enables attackers to download additional malware to compromised systems and perform various malicious activities such as collecting system information, executing commands, deleting files, and controlling communication with a command and control (C&C) server.

– Microsoft’s report on Peach Sandstorm coincided with Google Cloud’s Mandiant report on an Iranian counterintelligence operation and a US government advisory on Iranian state-sponsored actors collaborating with ransomware groups.

– Multiple tech companies, including Microsoft, Google, and Meta, as well as the US government, have issued reports on Iranian hackers targeting elections and on the disruption of Iranian hacking activity aimed at the US presidential election.
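The password spray activity in the takeaways above is the one behaviour here that a defender can pick out of ordinary sign-in telemetry. The following is an added example, not code from Microsoft's report or from any Tickler analysis: a small detector over constructed CSV sign-in records (the log format, the IP addresses, the account names and the thresholds are all assumptions) that separates a spray (many accounts, one or two attempts each, from a single source) from single-account brute force and from a user mistyping their own password.

```python
"""Password-spray detection over sign-in records.

Added example, not code from Microsoft's report. The CSV log format, the
addresses, the account names and the thresholds below are all constructed
assumptions; real inputs would be Entra ID sign-in logs, Windows 4625/4771
events or VPN authentication logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. 203.0.113.7 tries one password against many accounts
# and gets one hit (spray); 198.51.100.9 hammers a single account (brute
# force, not a spray); 192.0.2.5 is a user mistyping twice, then succeeding.
SAMPLE_LOG = """\
2024-08-27T03:00:01Z,203.0.113.7,alice@example.com,FAIL
2024-08-27T03:00:03Z,203.0.113.7,bob@example.com,FAIL
2024-08-27T03:00:05Z,203.0.113.7,carol@example.com,FAIL
2024-08-27T03:00:07Z,203.0.113.7,dave@example.com,FAIL
2024-08-27T03:00:09Z,203.0.113.7,erin@example.com,FAIL
2024-08-27T03:00:11Z,203.0.113.7,frank@example.com,SUCCESS
2024-08-27T03:01:00Z,198.51.100.9,grace@example.com,FAIL
2024-08-27T03:01:02Z,198.51.100.9,grace@example.com,FAIL
2024-08-27T03:01:04Z,198.51.100.9,grace@example.com,FAIL
2024-08-27T03:01:06Z,198.51.100.9,grace@example.com,FAIL
2024-08-27T03:01:08Z,198.51.100.9,grace@example.com,FAIL
2024-08-27T03:05:00Z,192.0.2.5,heidi@example.com,FAIL
2024-08-27T03:05:20Z,192.0.2.5,heidi@example.com,FAIL
2024-08-27T03:05:40Z,192.0.2.5,heidi@example.com,SUCCESS
"""


def parse_log(text):
    """Parse 'timestamp,source_ip,username,result' lines into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_users=5, max_per_user=2):
    """Flag source IPs whose failures, within `window`, touch at least
    `min_users` distinct accounts with no more than `max_per_user` attempts
    each. That shape (wide and shallow) is what distinguishes a spray from
    brute force (narrow and deep) and from ordinary user error. For each
    hit, also list accounts that authenticated successfully from the same
    source, since a spray followed by a success is the case needing response."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [(ts, u) for ts, u, r in evs if r == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits in `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, u in fails[start:end + 1]:
                per_user[u] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[ip] = {
                    "distinct_users": len(per_user),
                    "failures": end - start + 1,
                    "first_seen": fails[start][0].isoformat(),
                    "successes_from_ip": sorted({u for _, u, r in evs if r == "SUCCESS"}),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, finding in detect_password_spray(parse_log(SAMPLE_LOG)).items():
        print(ip, finding)
```

On the constructed sample only 203.0.113.7 is flagged: five distinct accounts with one failure each, plus a later success for a sixth account from the same source. The single-account hammering from 198.51.100.9 and the two mistypes from 192.0.2.5 fall outside the wide-and-shallow shape. The window and the two count thresholds are the knobs to tune against your own baseline; sprays run slowly on purpose to stay under lockout policies, so a longer window with the same per-user cap catches the patient variant.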
