Monday, December 23, 2024

Hackers target defense firms with new FalseFont malware



Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.

“Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to people working for organizations in the Defense Industrial Base (DIB) sector,” the company said.

The DIB sector targeted in these attacks comprises over 100,000 defense companies and subcontractors involved in researching and developing military weapons systems, subsystems, and components.

Also tracked as Peach Sandstorm, HOLMIUM, or Refined Kitten, this hacking group has been active since at least 2013. Their targets span a wide range of industry sectors across the United States, Saudi Arabia, and South Korea, including government, defense, research, finance, and engineering verticals.

FalseFont, the custom backdoor deployed in the campaign unveiled by Microsoft today, provides its operators remote access to compromised systems, file execution, and file transfer to its command-and-control (C2) servers.

According to Microsoft, this malware strain was first observed in the wild around early November 2023.

“The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting that Peach Sandstorm is continuing to improve their tradecraft,” Redmond said.

Network defenders are advised to reset credentials for accounts targeted in password spray attacks to reduce the attack surface targeted by APT33 hackers.

They should also revoke session cookies and secure accounts and RDP or Windows Virtual Desktop endpoints using multi-factor authentication (MFA).
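To build the list of accounts this advice applies to, a defender can group sign-in records by source address. The following is an added example, not code from Microsoft or the original article; the log format, the thresholds and the name `triage_spray` are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sign-in records: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2023-03-01T08:00:01Z,203.0.113.7,alice,FAIL
2023-03-01T08:00:40Z,203.0.113.7,bob,FAIL
2023-03-01T08:01:15Z,203.0.113.7,carol,FAIL
2023-03-01T08:01:52Z,203.0.113.7,dave,FAIL
2023-03-01T08:02:30Z,203.0.113.7,erin,FAIL
2023-03-01T09:10:05Z,203.0.113.7,carol,SUCCESS
2023-03-01T09:12:00Z,198.51.100.20,frank,FAIL
2023-03-01T09:12:09Z,198.51.100.20,frank,FAIL
2023-03-01T09:12:20Z,198.51.100.20,frank,FAIL
2023-03-01T09:12:41Z,198.51.100.20,frank,SUCCESS
"""

def triage_spray(log_text, min_accounts=4, max_fails_per_account=2):
    """Map each account touched by a spray-like source to a response action."""
    by_source = defaultdict(lambda: defaultdict(list))
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _, src, account, result = row
        by_source[src][account].append(result)

    actions = {}
    for accounts in by_source.values():
        failed = [a for a, results in accounts.items() if "FAIL" in results]
        # Spray shape (assumed thresholds): failures against many distinct
        # accounts, with only a few guesses per account.
        low_and_wide = all(results.count("FAIL") <= max_fails_per_account
                           for results in accounts.values())
        if len(failed) < min_accounts or not low_and_wide:
            continue
        for account, results in accounts.items():
            if "SUCCESS" in results:
                # The spraying source logged in: reset and kill live sessions.
                actions[account] = "reset+revoke-sessions"
            else:
                actions.setdefault(account, "reset")
    return actions

if __name__ == "__main__":
    for account, action in sorted(triage_spray(SAMPLE_LOG).items()):
        print(account, action)
```

A single user mistyping a password several times from one address (`frank` in the sample) does not match the spray shape and is left out of the list.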

Defense contractors under attack

In September, Microsoft warned of another campaign coordinated by the APT33 threat group that targeted thousands of organizations worldwide, including in the defense sector, in extensive password spray attacks since February 2023.

“Between February and July 2023, Peach Sandstorm carried out a wave of password spray attacks attempting to authenticate to thousands of environments,” the Microsoft Threat Intelligence team said.

“Throughout 2023, Peach Sandstorm has consistently demonstrated interest in US and other nation’s organizations in the satellite, defense, and to a lesser extent, pharmaceutical sectors.”

The attacks resulted in data theft from a limited number of victims in the defense, satellite, and pharmaceutical sectors.

An Iran-linked hacking group dubbed DEV-0343 by researchers at Microsoft Threat Intelligence Center (MSTIC) also attacked U.S. and Israeli defense tech companies two years ago, according to an October 2012 Microsoft report.

In recent years, defense agencies and contractors around the world have also landed in the crosshairs of Russian, North Korean, and Chinese state hackers.


