Iranian Hacking Group Targeting Defense Contractors With FalseFont Backdoor
Microsoft has identified APT33, an Iranian cyber-espionage group also known as Peach Sandstorm, HOLMIUM, or Refined Kitten, employing the recently discovered FalseFont backdoor malware to target individuals in the Defense Industrial Base (DIB) sector, which encompasses over 100,000 defense companies globally. Active since at least 2013, the group has diversified its targets across various industries in the United States, Saudi Arabia, and South Korea, including government, defense, research, finance, and engineering. FalseFont, the newly deployed custom backdoor, grants remote access to compromised systems, enabling file execution and file transfer to command-and-control servers. Microsoft suggests that network defenders reset credentials, revoke session cookies, and implement multi-factor authentication for enhanced security against APT33 attacks.