Iranian Hackers Developed a New Backdoor to Hack Windows

Peach Sandstorm, an Iranian Hackers group, targets diverse sectors globally, and this group is linked to:-.
Using password spray campaigns, Peach Sandstorm exhibits opportunistic behavior, with a history of relying on this tactic.
This custom backdoor, FalseFont, provides the following capabilities to its operators:-.
This custom backdoor, FalseFont, was detected in early November 2023 during operations against its targets.
FalseFont's development aligns with Microsoft's year-long observation of Peach Sandstorm, indicating ongoing enhancement of their newly developed custom backdoor.
Here below, we have mentioned the IOCs that will help the organizations detect this sophisticated backdoor in their environment:-.
Cybersecurity researchers at the Microsoft Threat Intelligence team are actively continuing their ongoing investigations in an attempt to hunt down all the associated activity of Peach Sandstorm through Microsoft Defender XDR. Here below we have mentioned all the mitigations provided by the cybersecurity researchers at the Microsoft Threat Intelligence team:-.
Reset passwords for accounts targeted in a password spray attack, especially those with system-level permissions.
Revoke any changes to multifactor authentication settings made by attackers on compromised accounts.
Block legacy authentication with Microsoft Entra ID using Conditional Access to prevent password spray attacks.
Enable AD FS web application proxy extranet lockout to protect against password brute force compromise.
Practice the least privilege and audit privileged account activity in Microsoft Entra ID environments.
Deploy Microsoft Entra ID Connect Health for AD FS to capture failed attempts and IP addresses in logs.
Use Microsoft Entra ID password protection to detect and block weak passwords and variants.
Turn on identity protection in Microsoft Entra ID to monitor and create policies for risky sign-ins.
Employ MFA for privileged accounts and risk-based MFA for normal accounts to mitigate password spray attacks.
Consider transitioning to passwordless authentication methods like Azure MFA, certificates, or Windows Hello for Business.
Secure RDP or Windows Virtual Desktop endpoints with MFA to harden against attacks.
Practice credential hygiene, including logon restrictions and controls like Windows Firewall on easily compromised systems.
Consider migrating to Microsoft Entra ID authentication to reduce the risk of on-premises compromises.


This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 23 Dec 2023 10:10:30 +0000


Cyber News related to Iranian Hackers Developed a New Backdoor to Hack Windows

Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
11 months ago Bleepingcomputer.com
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
9 months ago Securityboulevard.com
Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector - In its latest campaign, Iranian state-backed hackers, Peach Sandstorm, employs FalseFont backdoor for intelligence gathering on behalf of the Iranian government. Cybersecurity researchers at Microsoft Threat Intelligence Unit have uncovered the ...
1 year ago Hackread.com
Microsoft: Hackers target defense firms with new FalseFont malware - Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. The DIB sector targeted in these attacks comprises over 100,000 defense companies and ...
1 year ago Bleepingcomputer.com
Iranian Hackers Developed a New Backdoor to Hack Windows - Peach Sandstorm, an Iranian Hackers group, targets diverse sectors globally, and this group is linked to:-. Using password spray campaigns, Peach Sandstorm exhibits opportunistic behavior, with a history of relying on this tactic. This custom ...
11 months ago Cybersecuritynews.com
Microsoft: BlueNoroff hackers plan new crypto-theft attacks - Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. This financially motivated threat group also has a documented history of cryptocurrency ...
1 year ago Bleepingcomputer.com
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
1 year ago Blog.checkpoint.com
Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor - The latest version of the Kazuar backdoor could be more sophisticated than previously imagined, according to Palo Alto Networks. The Kazuar backdoor was used by the Russian hacking group Turla to target the Ukrainian defense sector in July 2023, the ...
1 year ago Infosecurity-magazine.com
Russian Sandworm Group Using Novel Backdoor to Target Ukraine - Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ...
8 months ago Infosecurity-magazine.com
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
1 year ago Darkreading.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
Microsoft Identifies Iranian GovernmentBacked Group as Responsible for Charlie Hebdo Cyber Attack - In January 2023, the U.S. government sanctioned an Iranian nation-state group for the hack of the French satirical magazine Charlie Hebdo. Microsoft, which revealed the details of the incident, is tracking the activity cluster under the name ...
1 year ago Thehackernews.com
Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets - A group of pro-Hamas attackers known as the Gaza Cybergang is using a new variation of the Pierogi++ backdoor malware to launch attacks on Palestinian and Israeli targets. According to research from Sentinel Labs, the backdoor is based on the C++ ...
1 year ago Darkreading.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
Understanding Backdoor Diplomacy Attack on Iranian Government Entities - In today’s digital world, cyberattacks are becoming increasingly prevalent, particularly against governments and public or private entities. Recently, a new targeted attack against Iranian government entities has been detected. Dubbed “Backdoor ...
1 year ago Heimdalsecurity.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Hackers use new IceBreaker malware to breach gaming companies - Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker. The compromise method relies on tricking customer service agents into opening malicious ...
1 year ago Bleepingcomputer.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
10 months ago Bleepingcomputer.com
Hack The Box Launches 5th Annual University CTF Competition - PRESS RELEASE. Hack The Box, the leading gamified cybersecurity upskilling, certification, and talent assessment platform, is announcing its fifth annual global University Capture The Flag competition that will take place from December 8 to 10, 2023. ...
1 year ago Darkreading.com
Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft - In the context of the Israel-Hamas conflict, Iran's offensive operations against Israel were initially reactive and chaotic, but quickly ramped up and expanded in scope, Microsoft says. Immediately after October 7, Iranian threat actors were seen ...
10 months ago Securityweek.com
Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say - A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, U.S. and Israeli authorities ...
1 year ago Securityweek.com
Cyberattack Targets Albanian Parliament's Data System, Halting Its Work - Albania's Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. It said the system's services would resume at a later time. Local media reported ...
11 months ago Securityweek.com
Congressman Coming for Answers After No-Fly List Hack - U.S. Congressman Bennie Thompson is demanding answers from airlines and the federal government after a "massive hack" of the no-fly list. The congressman sent a letter to the airlines and the Department of Homeland Security asking for an explanation ...
1 year ago Therecord.media
ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
1 year ago Securityweek.com
New 'SpectralBlur' macOS Backdoor Linked to North Korea - Security researchers have dived into the inner workings of SpectralBlur, a new macOS backdoor that appears linked to the recently identified North Korean malware family KandyKorn. The observed SpectralBlur sample was initially uploaded to VirusTotal ...
11 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)