New Iranian State-Sponsored Attacks Target Employees At US Defense Industrial Base Organizations

According to Microsoft, new Iranian state-sponsored attacks are targeting employees at US defense industrial base (DIB) organizations. Microsoft has been raising the alarm about Iranian hackers targeting DIB entities with a new backdoor dubbed FalseFont. Microsoft attributes the attacks to Peach Sandstorm, the name the company uses to designate the activity cluster also tracked as APT33, Elfin, Holmium, Magnallium, and Refined Kitten.

Iranian Hackers Target US Defense Industrial Base Entities With New Backdoor

APT33 is believed to have been active since at least 2013 and is backed by the Iranian government. It is well known for targeting organizations in the government, research, finance, aerospace, energy, and telecom sectors, among others, in the US, Europe, Asia, and the Middle East. Microsoft stated:

“Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector”

Reports say the newly identified backdoor, FalseFont, gives the attackers remote access to infected systems, allowing them to execute files and exfiltrate data to the command-and-control (C&C) server. According to Microsoft, FalseFont was first used in attacks in November 2023. In a follow-up post, Microsoft stated:

“The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting that Peach Sandstorm is continuing to improve their tradecraft.”

Microsoft also warned of an APT33 campaign back in September, in which thousands of organizations were targeted with password spray attacks. Notably, these password spray attacks resulted in data being exfiltrated from the compromised networks. The first phase of the campaign, carried out between February and July 2023, used password spraying for initial compromise. The second phase, however, used exploits for known vulnerabilities in Zoho ManageEngine and Confluence.

Organizations are advised to reset passwords for any account targeted in an attack, and additionally to:

  • Revoke session cookies
  • Implement best practices for securing identity infrastructure
  • Practice good credential hygiene
  • Employ multi-factor authentication
  • Transition to passwordless authentication
  • Secure remote desktop connections
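Password spraying, as used in the September campaign, tries a few common passwords against many accounts from one source, so it evades per-account lockout but leaves a distinctive pattern in sign-in logs. The following is an added example, not code from Microsoft or from this article: it runs a simple spray detector over a constructed sign-in log (the format, timestamps, usernames and IP addresses are all made up) and lists the accounts whose passwords should be reset first, as the recommendations above suggest.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real telemetry): <ts> <FAIL|OK> <user> <source-ip>
SAMPLE_LOG = """\
2023-03-01T09:00:01Z FAIL alice 198.51.100.7
2023-03-01T09:00:04Z FAIL bob 198.51.100.7
2023-03-01T09:00:09Z FAIL carol 198.51.100.7
2023-03-01T09:00:13Z FAIL dave 198.51.100.7
2023-03-01T09:00:20Z FAIL erin 198.51.100.7
2023-03-01T09:00:25Z OK frank 198.51.100.7
2023-03-01T09:01:00Z FAIL alice 203.0.113.9
2023-03-01T09:01:02Z FAIL alice 203.0.113.9
2023-03-01T09:05:00Z OK grace 192.0.2.44
"""

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        ts, result, user, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, ip))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Map source IP -> sorted usernames for sources whose failures hit at least
    min_users distinct accounts inside one sliding window (one-account brute force does not match)."""
    fails = defaultdict(list)
    for ts, result, user, ip in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    hits = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward past old failures
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                hits[ip] = sorted(users)
                break
    return hits

def accounts_to_reset(events, hits):
    """Sprayed accounts plus any account later signed in from a spraying source (likely guessed)."""
    targeted = set()
    for ip, users in hits.items():
        targeted.update(users)
        targeted.update(u for _, r, u, src in events if src == ip and r == "OK")
    return sorted(targeted)
```

On the sample log, the detector flags 198.51.100.7 (five accounts in twenty seconds) but not 203.0.113.9 (repeated failures against a single account), and the reset list adds `frank`, who signed in successfully from the spraying source.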

Laiba Mohsin