1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Defense firms targeted with dangerous new malware, Microsoft warn

    From TechnologyDaily@1337:1/100 to All on Fri Dec 22 16:30:05 2023
    Defense firms targeted with dangerous new malware, Microsoft warns

    Date:
    Fri, 22 Dec 2023 16:25:27 +0000

    Description:
    Microsoft claims Iranian state-sponsored actors are targeting sensitive files belonging to defense contractors.

    FULL STORY ======================================================================

    Iranian state-sponsored hackers are targeting defense contractors worldwide with information-stealing malware, experts at Microsoft have warned.

    According to the team, a group called APT33 (AKA Peach Sandstorm, HOLMIUM) is going after companies that research and develop military weapons systems and other gear, with a new piece of malware called FalseFont.

    "Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector," the company said. FalseFont

    There are more than 100,000 companies in this industry, BleepingComputer added.

    While Microsoft didnt detail exactly how Peach Sandstorm was dropping FalseFont to target endpoints, its safe to assume the usual methods: phishing emails, social engineering, and unpatched device vulnerabilities. Microsoft said that FalseFont can grant its operators access to compromised systems, giving them the ability to execute files and steal sensitive data.

    The backdoor is still being developed, they added.

    "The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting that Peach Sandstorm is continuing to improve their tradecraft," the company concluded. FalseFont was first spotted in early November this year.

    To protect against such attacks, organizations in the DIB sector are advised to reset their passwords, revoke session cookies, and secure accounts, RDP, and Windows Virtual Desktop endpoints, with multi-factor authentication
    (MFA).

    APT33 has been around for years, and TechRadar Pro has reported on its activities numerous times in these past couple of years. The group has allegedly been active for a decade and was spotted this September targeting thousands of organizations all over the world with password spray attacks.

    "Between February and July 2023, Peach Sandstorm carried out a wave of password spray attacks attempting to authenticate to thousands of environments," Microsofts researchers said at the time. "Throughout 2023, Peach Sandstorm has consistently demonstrated interest in US and other country's organizations in the satellite, defense, and to a lesser extent, pharmaceutical sectors."

    Via BleepingComputer More from TechRadar Pro BlackCat strikes again - and
    this time it's breached a healthcare giant Here's a list of the best
    firewalls today These are the best endpoint protection services right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/defense-firms-targeted-with-dangerous-n ew-malware-microsoft-warns


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)