Iranian Cyber Group Crafts Novel Backdoor for Windows System Infiltration
Peach Sandstorm, an Iranian hacker group also tracked as APT33, Elfin, and Refined Kitten, has been actively targeting a range of sectors worldwide, including aviation, construction, defense, education, energy, finance, healthcare, government, satellite, and telecommunications. In 2023, the group showed particular interest in the satellite, defense, and pharmaceutical sectors, using password spray campaigns as part of its opportunistic approach.

In contrast to its previously noisy operations, the group's 2023 activity has been stealthier and has demonstrated more advanced cloud-based techniques. The Microsoft Threat Intelligence team has uncovered a new backdoor named "FalseFont," attributed to Peach Sandstorm, which is designed to compromise the Windows operating system.

FalseFont offers capabilities such as remote access, launching files, and transmitting data to command and control (C2) servers. Detected in early November 2023, this custom backdoor signals Peach Sandstorm's continued investment in its cyberattack capabilities.