Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Defense firms targeted with dangerous new malware, Microsoft warns

A white padlock on a dark digital background.

Iranian state-sponsored hackers are targeting defense contractors worldwide with information-stealing malware, experts at Microsoft have warned.

According to the team, a group called APT33 (AKA Peach Sandstorm, HOLMIUM) is going after companies that research and develop military weapons systems and other gear, with a new piece of malware called FalseFont.

"Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector," the company said.

FalseFont

There are more than 100,000 companies in this industry, BleepingComputer added.

While Microsoft didn’t detail exactly how Peach Sandstorm was dropping FalseFont to target endpoints, it’s safe to assume the usual methods: phishing emails, social engineering, and unpatched device vulnerabilities. Microsoft said that FalseFont can grant its operators access to compromised systems, giving them the ability to execute files and steal sensitive data.

The backdoor is still being developed, they added.

"The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting that Peach Sandstorm is continuing to improve their tradecraft," the company concluded. FalseFont was first spotted in early November this year. 

To protect against such attacks, organizations in the DIB sector are advised to reset their passwords, revoke session cookies, and secure accounts, RDP, and Windows Virtual Desktop endpoints, with multi-factor authentication (MFA). 

APT33 has been around for years, and TechRadar Pro has reported on its activities numerous times in these past couple of years. The group has allegedly been active for a decade and was spotted this September targeting thousands of organizations all over the world with password spray attacks.

"Between February and July 2023, Peach Sandstorm carried out a wave of password spray attacks attempting to authenticate to thousands of environments," Microsoft’s researchers said at the time. "Throughout 2023, Peach Sandstorm has consistently demonstrated interest in US and other country's organizations in the satellite, defense, and to a lesser extent, pharmaceutical sectors."

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.