Microsoft has reported new state-sponsored activity originating from Iran and targeting employees of organizations in the US defense industrial base (DIB). Microsoft attributes the activity to Peach Sandstorm, also tracked as APT33, a group assessed to operate on behalf of the Iranian government and active across multiple sectors worldwide since at least 2013. The recent intrusions involve a newly developed backdoor named FalseFont, which gives the operators remote access to a compromised host, lets them execute files on it, and exfiltrates data to a command-and-control server. Microsoft first observed FalseFont in November 2023 and notes that Peach Sandstorm continues to refine its tradecraft. Earlier Microsoft warnings described the group's password spray campaigns against thousands of organizations; the recommended mitigations remain the same: reset credentials for any account the group targeted, tighten identity security controls, and enforce multi-factor or passwordless authentication so that a guessed password alone does not grant access.
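The password spray technique referenced above has a recognizable sign-in signature: one source hitting many distinct accounts with only one or a few attempts each, as opposed to a brute force that hammers a single account. The following detector is an added example written for this page, not code from Microsoft or OODA. It assumes a simplified, constructed sign-in log format (timestamp, source IP, account, result) and illustrative thresholds (five or more accounts, at most three failures per account, inside a 30-minute window); a real deployment would read from the identity provider's sign-in logs and tune those values.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events for this example; not real telemetry.
# Format per line: timestamp, source IP, account, result.
# 203.0.113.7 sprays one guess across many accounts and lands on frank.
# 198.51.100.9 brute-forces a single account (not a spray).
# 192.0.2.44 is an ordinary user who mistypes once.
SAMPLE_EVENTS = """\
2023-11-06T08:00:01Z 203.0.113.7 alice@example.org FAILED
2023-11-06T08:00:03Z 203.0.113.7 bob@example.org FAILED
2023-11-06T08:00:05Z 203.0.113.7 carol@example.org FAILED
2023-11-06T08:00:07Z 203.0.113.7 dave@example.org FAILED
2023-11-06T08:00:09Z 203.0.113.7 erin@example.org FAILED
2023-11-06T08:00:11Z 203.0.113.7 frank@example.org SUCCESS
2023-11-06T08:01:00Z 198.51.100.9 alice@example.org FAILED
2023-11-06T08:01:02Z 198.51.100.9 alice@example.org FAILED
2023-11-06T08:01:04Z 198.51.100.9 alice@example.org FAILED
2023-11-06T08:01:06Z 198.51.100.9 alice@example.org FAILED
2023-11-06T08:01:08Z 198.51.100.9 alice@example.org FAILED
2023-11-06T08:01:10Z 198.51.100.9 alice@example.org FAILED
2023-11-06T09:30:00Z 192.0.2.44 bob@example.org FAILED
2023-11-06T09:30:05Z 192.0.2.44 bob@example.org SUCCESS
"""


def parse_events(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "user": user.lower(),
            "result": result,
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_attempts_per_account=3):
    """Flag source IPs whose failures hit many accounts a few times each
    inside `window`. Returns {ip: {accounts_targeted, failures,
    successes_after_spray}}. Thresholds are illustrative assumptions."""
    findings = {}
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "FAILED"]
        counts = Counter()          # failures per account in the current window
        start = 0
        for end, ev in enumerate(failures):
            counts[ev["user"]] += 1
            # Slide the window forward until it spans at most `window`.
            while failures[end]["ts"] - failures[start]["ts"] > window:
                old = failures[start]["user"]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            # Spray signature: many accounts, low per-account attempt count.
            if (len(counts) >= min_accounts
                    and max(counts.values()) <= max_attempts_per_account):
                window_start = failures[start]["ts"]
                # Any success from the same source after the spray began is a
                # likely compromised account and a candidate for credential reset.
                successes = sorted({x["user"] for x in evs
                                    if x["result"] == "SUCCESS"
                                    and x["ts"] >= window_start})
                findings[ip] = {
                    "accounts_targeted": len(counts),
                    "failures": sum(counts.values()),
                    "successes_after_spray": successes,
                }
                break
    return findings


if __name__ == "__main__":
    for ip, info in detect_password_spray(parse_events(SAMPLE_EVENTS)).items():
        print(ip, info)
```

On the constructed input only 203.0.113.7 is reported: five accounts, one failure each, and a later success on frank@example.org, which is exactly the account whose password should be reset and whose MFA enrollment should be verified. The single-account brute force from 198.51.100.9 is deliberately not flagged by this rule; it needs a separate lockout or per-account threshold.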
About OODA Analyst
OODA is composed of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.