Iranian Hackers Targeting Defense Firms Using New Malware, Microsoft
Defense News, Iran: In a recent revelation by the Microsoft Threat Intelligence team, it has come to light that Peach Sandstorm, a notorious Iranian cyber-espionage group, has been actively targeting thousands of defense companies using a newly discovered backdoor malware. The nation-state threat actor, recognized for its focus on organizations within the space and pharmaceutical sectors, is now reportedly deploying a sophisticated malware named FalseFont aimed at individuals working in the Defense Industrial Base sector.
The Defense Industrial Base sector encompasses over 100,000 defense companies and subcontractors involved in the production of military systems. Once it has infiltrated a system, FalseFont grants operators the ability to remotely access the infected machine, launch additional files, and transmit sensitive information to its command-and-control servers.
Microsoft highlighted that the development and use of FalseFont align with Peach Sandstorm's observed activities over the past year, indicating a continuous effort to enhance its cyber tradecraft.
To counter the potential threat posed by FalseFont, Microsoft has provided mitigation strategies. Among them is the recommendation to reset passwords for accounts targeted by a password spray attack. Network defenders are further advised to revoke session cookies and reverse any multi-factor authentication setting changes made by the attackers on compromised accounts.
Users are encouraged to consider transitioning to a passwordless primary authentication method to bolster account security against password spray or brute force attacks, particularly on vulnerable systems like workstations.
Peach Sandstorm, also known as HOLMIUM or Refined Kitten, has a history of targeting various sectors in the United States, Saudi Arabia, and South Korea since at least 2013. In September, Microsoft disclosed that the Iranian group executed a series of password spray attacks, a tactic that involves using a common password to gain access to multiple accounts while avoiding account lockouts.
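The pattern described above, one password tried against many accounts so that no single account reaches its lockout count, is what a defender looks for in authentication logs. The following is an added illustration, not code from Microsoft or from the article: it scans a constructed log (hypothetical format and documentation-range IP addresses) and flags a source whose failures spread across many accounts while staying below the per-account lockout threshold, which distinguishes a spray from a single-account brute-force attempt.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (hypothetical format, not a real log).
# Source 203.0.113.5 fails once each against five accounts, then succeeds on one;
# source 198.51.100.7 hammers a single account and would trip lockout instead.
SAMPLE_LOG = """\
2023-12-01T10:00:01Z FAIL user=alice src=203.0.113.5
2023-12-01T10:00:03Z FAIL user=bob src=203.0.113.5
2023-12-01T10:00:05Z FAIL user=carol src=203.0.113.5
2023-12-01T10:00:07Z FAIL user=dave src=203.0.113.5
2023-12-01T10:00:09Z FAIL user=erin src=203.0.113.5
2023-12-01T10:00:13Z OK   user=grace src=203.0.113.5
2023-12-01T10:05:00Z FAIL user=alice src=198.51.100.7
2023-12-01T10:05:02Z FAIL user=alice src=198.51.100.7
2023-12-01T10:05:04Z FAIL user=alice src=198.51.100.7
2023-12-01T10:05:06Z FAIL user=alice src=198.51.100.7
2023-12-01T10:05:08Z FAIL user=alice src=198.51.100.7
"""


def parse(log):
    """Yield (timestamp, result, user, src) tuples from the constructed log format."""
    for line in log.splitlines():
        ts, result, user, src = line.split()
        yield (datetime.fromisoformat(ts.replace("Z", "+00:00")),
               result, user.split("=", 1)[1], src.split("=", 1)[1])


def find_spray_sources(log, min_accounts=5, lockout_threshold=5,
                       window=timedelta(minutes=10)):
    """Flag sources whose failures touch many accounts inside one window
    while every account stays under the lockout count (a spray signature)."""
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failed attempts
    times = defaultdict(list)                      # src -> failure timestamps
    successes = defaultdict(list)                  # src -> users later logged in from it
    for ts, result, user, src in parse(log):
        if result == "FAIL":
            fails[src][user] += 1
            times[src].append(ts)
        elif src in fails:  # a success after failures: candidate compromised account
            successes[src].append(user)
    flagged = {}
    for src, per_user in fails.items():
        span = max(times[src]) - min(times[src])
        if (len(per_user) >= min_accounts and span <= window
                and max(per_user.values()) < lockout_threshold):
            flagged[src] = {"accounts": len(per_user),
                            "max_per_account": max(per_user.values()),
                            "successes": successes[src]}
    return flagged
```

Accounts listed under `successes` for a flagged source are the ones the article's mitigations apply to first: password reset, session revocation, and review of MFA changes.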
These successful attacks resulted in data theft from a limited number of victims in critical sectors such as defense, satellite, and pharmaceuticals, underscoring the persistent and evolving threat posed by Peach Sandstorm in the realm of cyber-espionage.