New Iranian State-Sponsored Attacks Target Employees At US Defense Industrial Base Organizations
According to Microsoft, a new wave of Iranian state-sponsored attacks is targeting employees at US defense industrial base (DIB) organizations. Microsoft has been raising the alarm about Iranian hackers targeting DIB entities with a new backdoor dubbed FalseFont, and attributes the attacks to Peach Sandstorm. Peach Sandstorm is the name the company uses for the activity cluster also tracked as APT33, Elfin, Holmium, Magnallium, and Refined Kitten.
Iranian Hackers Target US Defense Industrial Base Entities With New Backdoor
APT33 is said to have been active since at least 2013 and is backed by the Iranian government. The group is well known for targeting organizations in the government, research, finance, aerospace, energy, and telecom sectors, among others, across the US, Europe, Asia, and the Middle East. Microsoft stated:
“Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector.”
Reports state that the newly identified backdoor, FalseFont, gives the attackers remote access to infected systems, allowing them to execute files and exfiltrate data to the command-and-control (C&C) server. According to Microsoft, FalseFont was first used in attacks in November 2023. In a follow-up post, Microsoft stated:
“The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting that Peach Sandstorm is continuing to improve their tradecraft.”
Microsoft also warned of an APT33 campaign back in September that targeted thousands of organizations with password spray attacks. Notably, these password spray attacks resulted in data being exfiltrated from the compromised networks. The first phase of the campaign, carried out between February and July 2023, used password spraying for the initial compromise. The second phase instead relied on exploits for known vulnerabilities in Zoho ManageEngine and Confluence.
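Password spraying, as used in the first phase described above, tries a few passwords against many accounts so that no single account trips a lockout. The following is an added example, not code from the article or from Microsoft, showing how a defender can tell a spray apart from a single-account brute force in sign-in logs and list which sprayed accounts later signed in from the same source, which are the ones to reset first. The log format and all IPs, users and timestamps are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real telemetry): "timestamp source_ip user result".
# 203.0.113.7 touches six accounts once each (spray); 198.51.100.4 hammers one account.
SAMPLE_LOG = """\
2023-03-01T09:00:01 203.0.113.7 alice FAIL
2023-03-01T09:00:03 203.0.113.7 bob FAIL
2023-03-01T09:00:05 203.0.113.7 carol FAIL
2023-03-01T09:00:07 203.0.113.7 dave FAIL
2023-03-01T09:00:09 203.0.113.7 erin FAIL
2023-03-01T09:00:11 203.0.113.7 frank FAIL
2023-03-01T09:00:13 203.0.113.7 grace SUCCESS
2023-03-01T09:05:00 198.51.100.4 alice FAIL
2023-03-01T09:05:10 198.51.100.4 alice FAIL
2023-03-01T09:05:20 198.51.100.4 alice SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|SUCCESS)$")


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, result) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, user, result = m.groups()
            events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag source IPs whose failures within one window hit many distinct accounts with
    only a few tries each (spray), rather than many tries on one account (brute force).
    Returns {ip: {"users": distinct accounts sprayed, "succeeded": accounts that later
    signed in from that IP}} so the latter can be prioritised for password reset."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        for start in fails:  # slide the window over each failure as a candidate start
            in_win = [e for e in fails if start[0] <= e[0] < start[0] + window]
            per_user = Counter(e[2] for e in in_win)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                succeeded = sorted({e[2] for e in evs if e[3] == "SUCCESS" and e[0] >= start[0]})
                alerts[ip] = {"users": len(per_user), "succeeded": succeeded}
                break
    return alerts
```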
Organizations are advised to reset passwords for any account targeted in an attack, and to:
- Revoke session cookies
- Implement best practices for securing identity infrastructure
- Practice good credential hygiene
- Employ multi-factor authentication
- Transition to passwordless authentication
- Secure remote desktop connections