Microsoft has observed the Iranian nation-state threat actor known as Peach Sandstorm attempting to deliver a backdoor to individuals working for organizations in the defense industrial base sector.
In a series of posts on X, formerly Twitter, Microsoft Threat Intelligence said the Peach Sandstorm advanced persistent threat (aka APT33, Elfin, Holmium, or Refined Kitten) has been attempting to deliver the FalseFont backdoor to various organizations within the global infrastructure that enables the research and development of military weapons, systems, subsystems, and components.
Microsoft Threat Intelligence says FalseFont is a custom backdoor with a "wide range of functionalities" that allow operators to remotely access an infected system, launch additional files, and send information to its command-and-control servers.
FalseFont was first observed being used against targets in early November. It was not clear whether any successful infections had been detected.
Microsoft said Peach Sandstorm has consistently demonstrated interest in organizations in the satellite and defense sectors in 2023. The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting the group is continuing to improve its tradecraft.