Iranian state-sponsored hackers are targeting defense contractors around the world with information-stealing malware, experts at Microsoft warn.
According to the team, a group called APT33 (AKA Peach Sandstorm, HOLMIUM) is going after companies that research and develop military weapons systems and other equipment, with a new piece of malware called FalseFont.
“Microsoft has observed that Iranian nation-state actor Peach Sandstorm is attempting to provide a newly developed backdoor called FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector,” the company said.
Fake font
There are more than 100,000 companies in this sector, BleepingComputer added.
While Microsoft hasn't detailed exactly how Peach Sandstorm dropped FalseFont to target endpoints, we can safely assume the usual methods: phishing emails, social engineering, and unpatched device vulnerabilities. Microsoft said FalseFont can give its operators access to compromised systems, giving them the ability to execute files and steal sensitive data.
The backdoor is still being developed, she added.
“The development and use of FalseFont is consistent with Peach Sandstorm's activity observed by Microsoft over the past year, indicating that Peach Sandstorm continues to advance its expertise,” the company concluded. FalseFont was first spotted in early November this year.
To protect against such attacks, organizations in the DIB sector are advised to reset their passwords, revoke session cookies and secure accounts, RDP and Windows Virtual Desktop endpoints with multi-factor authentication (MFA).
APT33 has been around for years, and Ny Breaking has reported on its activities numerous times over the years. The group has reportedly been active for a decade and was discovered in September, targeting thousands of organizations around the world with password spray attacks.
“Between February and July 2023, Peach Sandstorm conducted a wave of password spray attacks in an attempt to authenticate across thousands of environments,” Microsoft researchers said at the time. “Throughout 2023, Peach Sandstorm has consistently expressed interest in U.S. and foreign organizations in the satellite, defense and, to a lesser extent, pharmaceutical sectors.”
Through BleepingComputer