Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.
The DIB sector targeted in these attacks comprises over 100,000 defense companies and subcontractors involved in researching and developing military weapons systems, subsystems, and components.
Also tracked as Peach Sandstorm, HOLMIUM, or Refined Kitten, this hacking group has been active since at least 2013.
Their targets span a wide range of industry sectors across the United States, Saudi Arabia, and South Korea, including government, defense, research, finance, and engineering verticals.
FalseFont, the custom backdoor deployed in the campaign unveiled by Microsoft today, provides its operators remote access to compromised systems, file execution, and file transfer to its command-and-control servers.
According to Microsoft, this malware strain was first observed in the wild around early November 2023.
Network defenders are advised to reset credentials for accounts targeted in password spray attacks to reduce the attack surface available to APT33 hackers.
They should also revoke session cookies and secure accounts and RDP or Windows Virtual Desktop endpoints using multi-factor authentication.
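The advice above assumes defenders can tell which accounts a password spray touched. The following added example (not code from Microsoft or BleepingComputer) shows one way to triage that from sign-in logs: it flags a source address that fails against many distinct accounts with only a few attempts each inside a short window, then lists every account that source touched (the reset list) and any account it actually signed into (the revoke-sessions list). The log format, thresholds and sample lines are all constructed for the example.

```python
"""Password-spray triage over sign-in logs.

Added example, not vendor code. Assumes a constructed CSV-style log with one
event per line: timestamp,user,source_ip,result (result is FAIL or SUCCESS).
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 tries one guess against six accounts and gets
# into one; 198.51.100.4 is a single user mistyping their own password.
SAMPLE_LOG = """\
2023-11-02T08:00:01Z,alice@example.test,203.0.113.7,FAIL
2023-11-02T08:00:03Z,bob@example.test,203.0.113.7,FAIL
2023-11-02T08:00:05Z,carol@example.test,203.0.113.7,FAIL
2023-11-02T08:00:07Z,dave@example.test,203.0.113.7,FAIL
2023-11-02T08:00:09Z,erin@example.test,203.0.113.7,FAIL
2023-11-02T08:00:11Z,frank@example.test,203.0.113.7,SUCCESS
2023-11-02T08:01:00Z,alice@example.test,198.51.100.4,FAIL
2023-11-02T08:01:05Z,alice@example.test,198.51.100.4,FAIL
2023-11-02T08:01:10Z,alice@example.test,198.51.100.4,SUCCESS
"""


def parse_log(text):
    """Turn the CSV-style text into event dicts with real datetimes."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "ip": ip,
            "result": result,
        })
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Find source IPs whose failures look like a spray: many accounts, few tries each.

    Returns {ip: {"targeted": [accounts to reset], "compromised": [accounts to
    revoke sessions for]}}. Thresholds are illustrative, not tuned guidance.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["result"] == "FAIL"]
        start = 0
        # Sliding window over this source's failures, ordered by time.
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = Counter(e["user"] for e in fails[start:end + 1])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                findings[ip] = {
                    # Every account the spraying source touched needs a reset.
                    "targeted": sorted({e["user"] for e in evs}),
                    # A success from a spraying source is a live session to revoke.
                    "compromised": sorted({e["user"] for e in evs if e["result"] == "SUCCESS"}),
                }
                break
    return findings


def accounts_to_reset(findings):
    """Union of targeted accounts across all flagged sources."""
    return sorted({u for f in findings.values() for u in f["targeted"]})


if __name__ == "__main__":
    found = detect_spray(parse_log(SAMPLE_LOG))
    for ip, f in found.items():
        print(f"{ip}: reset {len(f['targeted'])} accounts, revoke sessions for {f['compromised']}")
    print("reset list:", accounts_to_reset(found))
```

The per-account cap is what separates a spray from a brute-force or a user fumbling their own password: the second source fails twice on one account and is not flagged, while the first fails once each across five accounts and is. Any account that source then signed into goes on the session-revocation list, which is the step the article pairs with the credential reset.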
In September, Microsoft warned of another campaign coordinated by the APT33 threat group that targeted thousands of organizations worldwide, including in the defense sector, in extensive password spray attacks since February 2023.
The attacks resulted in data theft from a limited number of victims in the defense, satellite, and pharmaceutical sectors.
An Iran-linked hacking group dubbed DEV-0343 by researchers at Microsoft Threat Intelligence Center also attacked U.S. and Israeli defense tech companies two years ago, according to an October 2012 Microsoft report.
In recent years, defense agencies and contractors around the world have also landed in the crosshairs of Russian, North Korean, and Chinese state hackers.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 21 Dec 2023 20:30:25 +0000