Microsoft is raising the alarm on new Iranian state-sponsored attacks targeting employees at US defense industrial base organizations.
The tech giant attributes the attacks to Peach Sandstorm, the name it uses for the activity cluster also tracked as APT33, Elfin, Holmium, Magnallium, and Refined Kitten.
Believed to be active since at least 2013 and to be backed by the Iranian government, APT33 is known for targeting organizations across the government, research, aerospace, energy, finance, telecom, and other sectors in the US, Europe, Asia, and the Middle East.
FalseFont, Microsoft says, was first used in attacks in November 2023.
In September, Microsoft warned of an APT33 campaign targeting thousands of organizations with password spray attacks that, in some cases, resulted in data being exfiltrated from the compromised networks.
In the first phase of the campaign, carried out between February and July 2023, password spraying was used for initial compromise, while the second phase employed exploits targeting known vulnerabilities in Zoho ManageEngine and Confluence.
Organizations are advised to reset passwords for any account targeted in an attack, revoke session cookies, implement best practices for securing identity infrastructure, practice good credential hygiene, enforce multi-factor authentication, transition to passwordless authentication, and secure remote desktop connections.
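As an added illustration (not part of the SecurityWeek article or of Microsoft's guidance), the heuristic below flags the password-spray pattern behind the campaign described above: one source attempting many distinct accounts with only a few tries each, as opposed to brute force hammering one account. The log lines, usernames and IP addresses are constructed sample data, and the threshold values are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sign-in events (not real telemetry).
# Format per line: "<ISO timestamp> <source_ip> <username> <result>"
SAMPLE_LOG = """\
2023-07-01T08:00:01 203.0.113.7 alice FAIL
2023-07-01T08:00:09 203.0.113.7 bob FAIL
2023-07-01T08:00:17 203.0.113.7 carol FAIL
2023-07-01T08:00:25 203.0.113.7 dave FAIL
2023-07-01T08:00:33 203.0.113.7 erin FAIL
2023-07-01T08:00:41 203.0.113.7 frank FAIL
2023-07-01T08:01:02 198.51.100.4 alice FAIL
2023-07-01T08:01:10 198.51.100.4 alice FAIL
2023-07-01T08:01:18 198.51.100.4 alice FAIL
2023-07-01T08:01:26 198.51.100.4 alice SUCCESS
"""

def parse_events(text):
    """Parse the constructed log format into (timestamp, ip, user, result)."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {source_ip: sorted distinct usernames} for every source whose
    failed sign-ins touch at least `min_accounts` distinct accounts within any
    `window`. Spraying is many accounts with few attempts each, so the key
    signal is the count of distinct users, not the raw attempt volume."""
    fails = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    suspects = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if len({u for _, u in attempts[start:end + 1]}) >= min_accounts:
                suspects[ip] = sorted({u for _, u in attempts})
                break
    return suspects
```

In the sample, 203.0.113.7 is flagged (six accounts in under a minute) while 198.51.100.4, which repeatedly fails against a single account, is not; the latter is the brute-force or lockout signal that a separate rule should cover.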
This Cyber News was published on www.securityweek.com. Publication date: Fri, 22 Dec 2023 13:13:04 +0000