Microsoft has observed the Iranian nation-state cyberattackers known as Peach Sandstorm attempting to deliver a backdoor to individuals working for organizations in the military-industrial sector.
In a series of messages on X, formerly Twitter, Microsoft Threat Intelligence said the Peach Sandstorm advanced persistent threat has been attempting to deliver the FalseFont backdoor to various organizations within the global infrastructure that enables the research and development of military weapons, systems, subsystems, and components.
FalseFont was first observed being used against targets in early November.
It was not clear if there were any detections of successful infections.
Microsoft said Peach Sandstorm has consistently demonstrated interest in organizations in the satellite and defense sectors in 2023.
The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting the group is continuing to improve their tradecraft.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 22 Dec 2023 16:50:09 +0000