Technology

Defense firms targeted with dangerous new malware, Microsoft warns

December 22, 2023

Iranian state-sponsored hackers are targeting defense contractors worldwide with information-stealing malware, experts at Microsoft have warned.

According to the team, a group called APT33 (AKA Peach Sandstorm, HOLMIUM) is going after companies that research and develop military weapons systems and other gear, with a new piece of malware called FalseFont.

“Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector,” the company said.

FalseFont

There are more than 100,000 companies in this industry, BleepingComputer added.

While Microsoft didn’t detail exactly how Peach Sandstorm was dropping FalseFont to target endpoints, it’s safe to assume the usual methods: phishing emails, social engineering, and unpatched device vulnerabilities. Microsoft said that FalseFont can grant its operators access to compromised systems, giving them the ability to execute files and steal sensitive data.

The backdoor is still being developed, they added.

“The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting that Peach Sandstorm is continuing to improve their tradecraft,” the company concluded. FalseFont was first spotted in early November this year.

To protect against such attacks, organizations in the DIB sector are advised to reset their passwords, revoke session cookies, and secure accounts, RDP, and Windows Virtual Desktop endpoints, with multi-factor authentication (MFA).

APT33 has been around for years, and TechRadar Pro has reported on its activities numerous times in these past couple of years. The group has allegedly been active for a decade and was spotted this September targeting thousands of organizations all over the world with password spray attacks.

“Between February and July 2023, Peach Sandstorm carried out a wave of password spray attacks attempting to authenticate to thousands of environments,” Microsoft’s researchers said at the time. “Throughout 2023, Peach Sandstorm has consistently demonstrated interest in US and other country’s organizations in the satellite, defense, and to a lesser extent, pharmaceutical sectors.”

Via BleepingComputer

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar