New Tickler malware used to backdoor US govt, defense orgs

August 29, 2024 at 11:49AM APT33, an Iranian hacking group, has deployed the Tickler malware to infiltrate the networks of government, defense, satellite, oil, and gas organizations in the US and the UAE. It is clear that the APT33 Iranian hacking group has utilized the new Tickler malware to infiltrate …

Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE

August 29, 2024 at 06:07AM Microsoft has identified an Iranian state-sponsored threat actor, Peach Sandstorm, using a new custom backdoor named Tickler in attacks on organizations in the US and the UAE. The group has targeted employees at US defense industrial base organizations and leveraged LinkedIn for intelligence gathering. They have also conducted password spray …

New Tickler malware used to backdoor US govt, defense orgs

August 28, 2024 at 02:41PM The APT33 Iranian hacking group has deployed new Tickler malware to infiltrate the networks of government, defense, satellite, oil, and gas organizations in the US and the UAE. It appears that the APT33 Iranian hacking group has employed new Tickler malware to create backdoors in …

New Specula tool uses Outlook for remote code execution in Windows

July 29, 2024 at 05:45PM A new red team post-exploitation framework named “Specula”, released by TrustedSec, turns Microsoft Outlook into a C2 beacon to execute code remotely. This framework bypasses security features and allows attackers to run arbitrary commands on compromised Windows systems. It exploits the CVE-2017-11774 vulnerability, making it a persistent and impactful threat. …

Iranian cyberspies target US defense orgs with a brand new backdoor

December 23, 2023 at 07:54AM Iranian cyberspies, identified as Peach Sandstorm by Microsoft, are targeting defense industrial base organizations with a new backdoor called FalseFont. APT33, which Mandiant tracks as Iran-backed, engages in strategic cyberespionage against organizations in the US, Saudi Arabia, and South Korea. Additionally, 443 online shops have been compromised by cyber crooks …

Iran’s ‘Peach Sandstorm’ Cyberattackers Target Global Defense Network

December 22, 2023 at 11:52AM Microsoft observed Iranian nation-state cyberattackers Peach Sandstorm delivering the FalseFont backdoor to individuals within the military-industrial sector, aiming for global infrastructure supporting military research. FalseFont allows remote access, file execution, and data transmission to control servers. It was first observed in early November, and the group’s ongoing improvements suggest continued interest …

Iranian Hackers Targeting US Defense Industrial Base Entities With New Backdoor

December 22, 2023 at 07:45AM Microsoft has raised an alert on Iranian state-sponsored attacks targeting US defense industrial base (DIB) organizations. The attacks are attributed to Peach Sandstorm, a group also known as APT33 that is believed to have been active since at least 2013. A newly developed backdoor named FalseFont has been observed, allowing remote access …