Microsoft says an Iranian cyber espionage group is using a newly developed malware called FalseFont backdoor for intelligence gathering on defense industry companies worldwide.
“Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector,” said Microsoft Threat Intelligence Unit, the firm’s global network of security experts.
Peach Sandstorm (formerly Holmium), also known as APT33, Elfin, and Refined Kitten, has recently focused on organizations in the US Defense Industrial Base (DIB), which includes hundreds of thousands of American and foreign entities and subcontractors that perform work for the US Department of Defense (DOD) and other Federal departments and agencies.
The first instances of FalseFont in action were detected against targets in early November 2023. According to Microsoft’s investigative team, Peach Sandstorm is actively pursuing intelligence gathering for the Iranian government. Microsoft did not attribute the hacking to any particular Iranian government entity, but the Islamic Revolution Guard Corps (IRGC) is known for its large ‘cyber army’, which engages in suppression of internet access and cyber surveillance within Iran, disinformation activities abroad, and sophisticated hacking of Western and other targets.
The new report follows Microsoft’s earlier findings, outlined in a September 2023 blog post, where Peach Sandstorm was identified as targeting sectors such as satellites and pharmaceuticals on a global scale.
Earlier this year, Microsoft warned that Russia, Iran, and China are likely planning to influence the upcoming 2024 elections in the United States and other countries. Microsoft's Threat Analysis Center also confirmed that Iran has intensified its cyberattacks and influence operations since 2020.