Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Iran's 'Peach Sandstorm' Cyberattackers Target Global Defense Network

The FalseFont backdoor allows operators to remotely access an infected system and launch additional files.

Dark Reading Staff, Dark Reading

December 22, 2023

1 Min Read
A dust storm beneath a monsoon thunderstorm in the desert
Source: John Sirlin via Alamy Stock Photo

Microsoft has observed the Iranian nation-state cyberattackers known as Peach Sandstorm attempting to deliver a backdoor to individuals working for organizations in the military-industrial sector.

In a series of messages on X, formerly Twitter, Microsoft Threat Intelligence said the Peach Sandstorm advanced persistent threat (aka APT33, Elfin, Holmium, or Refined Kitten) has been attempting to deliver the FalseFont backdoor to various organizations within the global infrastructure that enables the research and development of military weapons, systems, subsystems, and components.

Microsoft Threat Intelligence says FalseFont is a custom backdoor with a "wide range of functionalities" that allow operators to remotely access an infected system, launch additional files, and send information to its command and control servers.

FalseFont was first observed being used against targets in early November. It was not clear if there were any detections of successful infections.

Microsoft said Peach Sandstorm has consistently demonstrated interest in organizations in the satellite and defense sectors in 2023. The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting the group is continuing to improve their tradecraft.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights