In its latest campaign, the Iranian state-backed hacking group Peach Sandstorm is using the FalseFont backdoor to gather intelligence on behalf of the Iranian government.
Researchers at Microsoft Threat Intelligence have uncovered new activity by the Iranian nation-state actor Peach Sandstorm, also known as HOLMIUM. The group has been attempting to deploy a newly developed backdoor called FalseFont against individuals working in the Defense Industrial Base.
This disclosure follows Microsoft's earlier findings, outlined in a September 2023 blog post, where Peach Sandstorm was identified as targeting sectors such as satellites and pharmaceuticals on a global scale.
Microsoft's investigative team believes that Peach Sandstorm is actively pursuing intelligence gathering for the Iranian government, aligning their actions with state interests.
According to Microsoft's tweets shared today, FalseFont is a custom backdoor with a broad range of functionality.
Microsoft first observed FalseFont in use against targets in early November 2023.
The development and deployment of FalseFont continues the steady evolution in Peach Sandstorm's tactics that Microsoft has tracked over the past year, and points to an ongoing effort by the group to refine its tradecraft.
It's worth noting that Microsoft Defender Antivirus already detects FalseFont as Backdoor:MSIL/FalseFont.
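The detection name above is the one concrete indicator this article gives defenders. As an added example that is not part of the Hackread article or any Microsoft guidance, the following PowerShell uses the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpThreat, Get-MpThreatDetection) to confirm a Windows host is running current signatures and then searches its local threat history for that family. The wildcard on the threat name is an assumption made to catch variant suffixes Defender may append; the script assumes an elevated shell on a host with Microsoft Defender Antivirus enabled.

```powershell
# Added example, not from the article: check a Windows host for the Defender
# Antivirus detection named on this page. Assumes an elevated shell with the
# Defender PowerShell module available.
$DetectionPattern = 'Backdoor:MSIL/FalseFont*'   # name cited by the article; wildcard is an assumption

# 1. A detection name is only meaningful if the engine is on and current.
$status     = Get-MpComputerStatus
$sigAgeDays = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated -End (Get-Date)).Days
[pscustomobject]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignatureVersion   = $status.AntivirusSignatureVersion
    SignatureAgeDays   = $sigAgeDays
} | Format-List

if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is off; Defender detections cannot be relied on here.'
}
if ($sigAgeDays -gt 1) {
    Write-Warning "Signatures are $sigAgeDays day(s) old; updating before trusting the result."
    Update-MpSignature
}

# 2. Search the local threat history for the family.
$threats = Get-MpThreat | Where-Object { $_.ThreatName -like $DetectionPattern }
if (-not $threats) {
    Write-Output "No detections matching $DetectionPattern in this host's Defender history."
    return
}

# 3. For each hit, pull the detection events: when, which process, which
#    files, which user, and whether Defender's remediation action succeeded.
foreach ($t in $threats) {
    $events = Get-MpThreatDetection | Where-Object { $_.ThreatID -eq $t.ThreatID }
    foreach ($e in $events) {
        [pscustomobject]@{
            ThreatName    = $t.ThreatName
            StillActive   = $t.IsActive
            FirstSeen     = $e.InitialDetectionTime
            Process       = $e.ProcessName
            User          = $e.DomainUser
            Resources     = ($e.Resources -join '; ')
            ActionSuccess = $e.ActionSuccess
        }
    }
}
```

A hit here is the start of an incident, not the end of one: a backdoor detection on a Defense Industrial Base endpoint should lead to isolating the host and pulling the Resources paths and the user account into the investigation, rather than treating a successful quarantine as closure.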
Although Microsoft is monitoring Peach Sandstorm's activities, users should be on the lookout for phishing and social engineering attacks that the group may use to spread the FalseFont backdoor. Practical steps include:
Verify the sender: Confirm a sender's legitimacy before interacting with any content. Attackers often use deceptive, look-alike email addresses to mimic legitimate entities, and phishing email is a likely route for delivering FalseFont.
Keep systems patched: Regularly install security patches and updates to close vulnerabilities that attackers might exploit to deliver the backdoor.
Enable multi-factor authentication: Even if credentials are compromised, MFA can block unauthorized access and reduce the chance of a FalseFont intrusion.
Be sceptical of urgency: Treat requests demanding immediate action with suspicion, and take time to independently verify the legitimacy of such communications before acting on them.
Limit exposed personal information: Attackers may use publicly available details to craft targeted social engineering lures. Restricting access to personal information reduces the material available for building a convincing pretext.
Educate on social engineering tactics: Provide staff with training on the tactics attackers use to deploy FalseFont and on the red flags of deceptive communication. Awareness of manipulation techniques helps users identify and thwart delivery attempts and reinforces the importance of staying alert.
This Cyber News was published on www.hackread.com. Publication date: Thu, 21 Dec 2023 21:13:05 +0000