Microsoft: Hackers target defense firms with new FalseFont malware

Trending 2 months ago

Hackers

Microsoft says the APT33 Iranian cyber-espionage group is utilizing precocious discovered FalseFont backdoor malware to onslaught defense contractors worldwide.

"Microsoft has observed nan Iranian nation-state character Peach Sandstorm attempting to present a recently developed backdoor named FalseFont to individuals moving for organizations successful nan Defense Industrial Base (DIB) sector," nan institution said.

The DIB assemblage targeted successful these attacks comprises complete 100,000 defense companies and subcontractors progressive successful researching and processing subject weapons systems, subsystems, and components.

Also tracked arsenic Peach Sandstorm, HOLMIUM, aliases Refined Kitten, this hacking group has been progressive since astatine slightest 2013. Their targets span a wide scope of manufacture sectors crossed nan United States, Saudi Arabia, and South Korea, including government, defense, research, finance, and engineering verticals.

FalseFont, nan civilization backdoor deployed successful nan run unveiled by Microsoft today, provides its operators distant entree to compromised systems, record execution, and record transportation to its command-and-control (C2) servers.

According to Microsoft, this malware strain was first observed successful nan chaotic astir early November 2023.

"The improvement and usage of FalseFont is accordant pinch Peach Sandstorm activity observed by Microsoft complete nan past year, suggesting that Peach Sandstorm is continuing to amended their tradecraft," Redmond said.

Network defenders are advised to reset credentials for accounts targeted successful password spray attacks to trim nan onslaught aboveground targeted by APT33 hackers.

They should besides revoke convention cookies and unafraid accounts and RDP aliases Windows Virtual Desktop endpoints utilizing multi-factor authentication (MFA).

Defense contractors nether attack

In September, Microsoft warned of different run coordinated by nan APT33 threat group that targeted thousands of organizations worldwide, including successful nan defense sector, successful extended password spray attacks since February 2023.

"Between February and July 2023, Peach Sandstorm carried retired a activity of password spray attacks attempting to authenticate to thousands of environments," nan Microsoft Threat Intelligence squad said.

"Throughout 2023, Peach Sandstorm has consistently demonstrated liking successful US and different country's organizations successful nan satellite, defense, and to a lesser extent, pharmaceutical sectors."

The attacks resulted successful information theft from a constricted number of victims successful nan defense, satellite, and pharmaceutical sectors.

An Iran-linked hacking group dubbed DEV-0343 by researchers astatine Microsoft Threat Intelligence Center (MSTIC) besides attacked U.S. and Israeli defense tech companies 2 years ago, according to an October 2012 Microsoft report.

In caller years, defense agencies and contractors astir nan world person besides landed successful nan crosshairs of Russian, North Korean, and Chinese authorities hackers.