Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE

August 29, 2024 at 06:07AM

Microsoft has identified an Iranian state-sponsored threat actor, Peach Sandstorm, using a new custom backdoor named Tickler in attacks on organizations in the US and the UAE. The group has targeted employees at US defense industrial base organizations and leveraged LinkedIn for intelligence gathering. They have also conducted password spray …

Iran’s ‘Peach Sandstorm’ Cyberattackers Target Global Defense Network

December 22, 2023 at 11:52AM

Microsoft observed Iranian nation-state cyberattackers Peach Sandstorm delivering FalseFont backdoor to individuals within the military-industrial sector, aiming for global infrastructure supporting military research. FalseFont allows remote access, file execution, and data transmission to control servers. It was first observed in early November, and the group’s ongoing improvements suggest continued interest …

Iranian Hackers Targeting US Defense Industrial Base Entities With New Backdoor

December 22, 2023 at 07:45AM

Microsoft has raised an alert on Iranian state-sponsored attacks targeting US defense industrial base (DIB) organizations. The attacks, attributed to Peach Sandstorm, a group also known as APT33, are believed to have been active since at least 2013. A newly developed backdoor named FalseFont has been observed, allowing remote access …

Microsoft Warns of New ‘FalseFont’ Backdoor Targeting the Defense Sector

December 22, 2023 at 01:18AM

Microsoft has observed an Iranian threat actor targeting organizations in the Defense Industrial Base sector with a newly discovered backdoor named FalseFont. This backdoor allows remote access, file launching, and data transmission to its command-and-control servers. The campaign aligns with previous activity by the threat actor, indicating an ongoing evolution …

Microsoft: Hackers target defense firms with new FalseFont malware

December 21, 2023 at 03:30PM

Microsoft warns of APT33 Iranian cyber-espionage group using FalseFont backdoor malware to target over 100,000 defense companies globally. Known as Peach Sandstorm, the group has been active since 2013, targeting industries across the US, Saudi Arabia, and South Korea. Network defenders are advised to reset credentials and use multi-factor authentication …