
Iranian State-Sponsored Hackers Target Global Defense Contractors with FalseFont Malware, Microsoft Warns

Microsoft has warned that the Iranian state-sponsored group APT33 (tracked by Microsoft as Peach Sandstorm, also known as HOLMIUM) is actively deploying a backdoor against defense contractors worldwide, with a focus on organizations that research and develop military weapons systems. Microsoft identified the group's newest tool, a malware family it calls FalseFont, in these attacks.

Highlighting the significance of this threat, Microsoft reported, “Peach Sandstorm, the Iranian nation-state actor, is making attempts to distribute the newly developed backdoor, FalseFont, to individuals within the Defense Industrial Base (DIB) sector.”

In short, defense contractors worldwide face a direct threat from this group, with FalseFont as its current tool for gaining a foothold in organizations developing military technology.

FalseFont's Impact and Countermeasures

BleepingComputer notes that the DIB sector comprises more than 100,000 companies and subcontractors that could be targeted. Microsoft did not detail how Peach Sandstorm delivers FalseFont; phishing, social engineering, and exploitation of unpatched vulnerabilities are the group's likely methods. Once installed, FalseFont gives its operators remote access to the compromised host, lets them execute files, and supports data theft.

The backdoor is under active development, indicating that Peach Sandstorm continues to refine its tooling.

To defend against these attacks, Microsoft recommends resetting the passwords of targeted accounts, revoking their session cookies, and securing accounts, RDP, and Windows Virtual Desktop with multi-factor authentication (MFA).

APT33 has been active for roughly a decade. From February to July 2023 it ran password spray attacks against organizations worldwide, and Peach Sandstorm consistently targets US and global organizations in the satellite, defense, and pharmaceutical sectors.
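The password spray activity described above is the kind of precursor a defender can catch in sign-in telemetry before a backdoor like FalseFont lands. The following is an added example, not code from the article or from Microsoft: it runs a simple spray detector over constructed Entra ID-style sign-in events (the field names follow the Entra sign-in log schema; the IPs, user names, and thresholds are assumptions) and lists the accounts whose passwords should be reset and whose sessions should be revoked, which is the remediation Microsoft recommends.

```python
"""Password-spray detection over Entra ID-style sign-in events.

Added example, not from the article or Microsoft. The log lines below are
constructed; field names (createdDateTime, userPrincipalName, ipAddress,
status.errorCode) follow the Entra ID sign-in log schema. Thresholds are
assumptions and should be tuned to the tenant's normal sign-in volume.
"""
import json
from collections import defaultdict

# Constructed sample events as JSON lines. In Entra ID sign-in logs, error
# code 50126 means "invalid username or password"; error code 0 is success.
# 203.0.113.10 sprays six accounts with one or two guesses each and gets
# one hit; 198.51.100.7 is a normal user; 192.0.2.5 hammers one account
# (brute force, not a spray).
SAMPLE_LOG = """
{"createdDateTime":"2023-05-02T01:00:01Z","userPrincipalName":"a.lee@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T01:00:09Z","userPrincipalName":"b.kim@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T01:00:17Z","userPrincipalName":"c.ortiz@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T01:00:25Z","userPrincipalName":"d.nair@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T01:00:33Z","userPrincipalName":"e.wang@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T01:00:41Z","userPrincipalName":"f.cole@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T03:10:02Z","userPrincipalName":"A.Lee@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T03:10:44Z","userPrincipalName":"f.cole@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":0}}
{"createdDateTime":"2023-05-02T08:00:00Z","userPrincipalName":"g.diaz@contoso.example","ipAddress":"198.51.100.7","status":{"errorCode":0}}
{"createdDateTime":"2023-05-02T12:30:00Z","userPrincipalName":"g.diaz@contoso.example","ipAddress":"198.51.100.7","status":{"errorCode":0}}
{"createdDateTime":"2023-05-02T02:00:00Z","userPrincipalName":"h.rao@contoso.example","ipAddress":"192.0.2.5","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T02:00:01Z","userPrincipalName":"h.rao@contoso.example","ipAddress":"192.0.2.5","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T02:00:02Z","userPrincipalName":"h.rao@contoso.example","ipAddress":"192.0.2.5","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T02:00:03Z","userPrincipalName":"h.rao@contoso.example","ipAddress":"192.0.2.5","status":{"errorCode":50126}}
{"createdDateTime":"2023-05-02T02:00:04Z","userPrincipalName":"h.rao@contoso.example","ipAddress":"192.0.2.5","status":{"errorCode":50126}}
"""


def parse_events(text):
    """Parse JSON-lines sign-in events into flat dicts; UPNs are lower-cased
    so the same account spelled differently is counted once."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        raw = json.loads(line)
        events.append({
            "time": raw["createdDateTime"],
            "user": raw["userPrincipalName"].lower(),
            "ip": raw["ipAddress"],
            "code": int(raw["status"]["errorCode"]),
        })
    return events


def detect_password_spray(events, min_users=5, max_attempts_per_user=3,
                          min_failure_ratio=0.8):
    """Flag source IPs that show the spray pattern: many distinct accounts,
    few attempts per account, and a high failure ratio. A single account
    with many failures from one IP is brute force and is left to another
    rule. Each finding lists the accounts targeted and any that succeeded."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        per_user = defaultdict(int)
        failures = 0
        for e in evs:
            per_user[e["user"]] += 1
            if e["code"] != 0:
                failures += 1
        if len(per_user) < min_users:
            continue
        if max(per_user.values()) > max_attempts_per_user:
            continue
        ratio = failures / len(evs)
        if ratio < min_failure_ratio:
            continue
        findings.append({
            "ip": ip,
            "users": len(per_user),
            "attempts": len(evs),
            "failure_ratio": ratio,
            "targeted": sorted(per_user),
            "compromised": sorted({e["user"] for e in evs if e["code"] == 0}),
        })
    return findings


def accounts_to_reset(findings):
    """Every account a spraying IP touched gets a password reset and session
    revocation; a successful sign-in from that IP is a confirmed compromise."""
    return sorted({u for f in findings for u in f["targeted"]})


if __name__ == "__main__":
    hits = detect_password_spray(parse_events(SAMPLE_LOG))
    for h in hits:
        print(f"spray from {h['ip']}: {h['users']} accounts, "
              f"{h['attempts']} attempts, compromised={h['compromised']}")
    print("reset + revoke sessions:", accounts_to_reset(hits))
```

On real data, feed the detector the sign-in log export for a time window and key on the failure codes your tenant actually emits; the `max_attempts_per_user` cutoff is what separates a slow spray from a noisy brute force, and lowering `min_users` trades false positives for earlier alerts.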

Source: BleepingComputer