Microsoft warns of new ‘FalseFont’ backdoor aimed at defense sector


Organizations in the Defense Industrial Base (DIB) sector find themselves in the crosshairs of an Iranian threat actor as part of a campaign designed to create a never-before-seen backdoor called FalseFont.

The findings come from Microsoft, which tracks the activity under the weather-themed name Peach Sandstorm (formerly Holmium), also known as APT33, Elfin and Refined Kitten.

“FalseFont is a custom backdoor with a wide range of functionalities that allows operators to remotely access an infected system, launch additional files and send information to its [command-and-control] servers”, the Microsoft Threat Intelligence team said on X (formerly Twitter).

The first recorded use of the implant was in early November 2023.

The tech giant further said that the latest development aligns with Peach Sandstorm’s previous activities and demonstrates a continued evolution of the threat actor’s craft.

In a report published in September 2023, Microsoft linked the group to password spray attacks carried out against thousands of organizations worldwide between February and July 2023. The intrusions mainly affected the satellite, defense and pharmaceutical sectors.

The end goal, the company said, is to facilitate intelligence gathering in support of Iranian state interests. Peach Sandstorm is believed to have been active since at least 2013.

The revelation comes as the Israel National Cyber Directorate (INCD) accused Iran and Hezbollah of an unsuccessful attempt to attack Ziv Hospital through hacking crews called Agrius and Lebanese Cedar.

The agency also revealed details of a phishing campaign in which a fake advisory for a security flaw in F5 BIG-IP products is used as a lure to deliver wiper malware to Windows and Linux systems.

The lure for the targeted attack is a critical authentication bypass vulnerability (CVE-2023-46747, CVSS score: 9.8) that was disclosed in late October 2023. The extent of the campaign is currently unknown.
