
Iranian Cyber Group Crafts Novel Backdoor for Windows System Infiltration

Peach Sandstorm, an Iranian hacker group also tracked as APT33, Elfin, and Refined Kitten, has been actively targeting sectors around the world, including aviation, construction, defense, education, energy, finance, healthcare, government, satellite, and telecommunications. In 2023 the group has shown particular interest in the satellite, defense, and pharmaceutical sectors, using password spray campaigns as part of its opportunistic approach.

In contrast to its previously noisy operations, the group's activity in 2023 has been more stealthy and has shown more advanced cloud-based techniques. The Microsoft Threat Intelligence team has uncovered a new backdoor named "FalseFont," attributed to Peach Sandstorm, which is built to compromise Windows systems.

FalseFont gives its operators remote access, the ability to launch files, and a channel for sending data to command and control (C2) servers. Detected in early November 2023, this custom backdoor shows that Peach Sandstorm continues to improve its attack tooling.

Microsoft Defender Antivirus, the security solution built into Windows, detects FalseFont as MSIL/FalseFont.A!dha. The researchers published indicators of compromise (IOCs) to help organizations detect the backdoor, including a C2 server domain (Digitalcodecrafters[.]com) and a SHA-256 hash (364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614). The Microsoft Threat Intelligence team continues to track all activity associated with Peach Sandstorm through Microsoft Defender XDR.
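The domain above is published in defanged form (`[.]` in place of `.`), so it will not match real DNS or proxy logs until it is normalised. The following Python script is an added example, not code from Microsoft or from the article: it refangs the two published IOCs, then scans a handful of constructed log lines (timestamps, hosts, IPs and the benign hash are all made up for the example) and reports which lines carry the FalseFont domain, a subdomain of it, or the file hash.

```python
"""Match the published FalseFont IOCs against log lines (added example)."""
import re
from typing import Dict, List

# Indicators exactly as published in the report; the domain is defanged.
RAW_IOCS = {
    "domain": "Digitalcodecrafters[.]com",
    "sha256": "364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614",
}

# A hostname-like token: one or more dotted labels ending in an alphabetic TLD.
DOMAIN_TOKEN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
# A bare SHA-256 hex digest.
SHA256_TOKEN = re.compile(r"\b[0-9a-f]{64}\b")


def refang(indicator: str) -> str:
    """Normalise a defanged indicator so it can be compared with real log data."""
    value = indicator.strip().lower()
    for defanged in ("[.]", "(.)", "{.}", "[dot]"):
        value = value.replace(defanged, ".")
    return value.replace("hxxp", "http")


# Refanged, lower-cased indicators used for matching.
IOCS = {kind: refang(value) for kind, value in RAW_IOCS.items()}


def scan_line(line: str) -> List[str]:
    """Return the IOC kinds ('domain', 'sha256') found in a single log line."""
    text = line.lower()
    hits: List[str] = []
    target_domain = IOCS["domain"]
    for token in DOMAIN_TOKEN.findall(text):
        # Exact match or any subdomain of the C2 domain (e.g. www.<domain>).
        if token == target_domain or token.endswith("." + target_domain):
            hits.append("domain")
            break
    if IOCS["sha256"] in SHA256_TOKEN.findall(text):
        hits.append("sha256")
    return hits


def scan_lines(lines) -> List[Dict[str, object]]:
    """Scan many log lines; each hit records the 1-based line number and the IOC."""
    results: List[Dict[str, object]] = []
    for number, line in enumerate(lines, start=1):
        for kind in scan_line(line):
            results.append({"line": number, "kind": kind, "indicator": IOCS[kind]})
    return results


# Constructed sample log lines (hosts, IPs, timestamps and the benign hash are invented).
SAMPLE_LOGS = [
    "2023-11-08T10:14:02Z dns client=10.0.5.23 query=DIGITALCODECRAFTERS.COM type=A",
    "2023-11-08T10:14:05Z proxy client=10.0.5.23 url=http://www.digitalcodecrafters.com/update",
    "2023-11-08T10:15:10Z edr host=WS-17 file=C:\\Users\\Public\\svc.exe "
    "sha256=364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614",
    "2023-11-08T10:16:00Z dns client=10.0.5.40 query=update.microsoft.com type=A",
    "2023-11-08T10:17:00Z edr host=WS-18 file=notepad.exe sha256=" + "a" * 64,
]

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['kind']} IOC {hit['indicator']}")
```

Matching on whole hostname tokens rather than with a plain substring search avoids false positives on look-alike names (for example a domain that merely ends in `codecrafters.com`), while still catching subdomains of the published C2 host. To run it against real data, replace `SAMPLE_LOGS` with lines read from your DNS, proxy or EDR exports.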
