APT33 implements FalseFont for covert operations against the defense sector

Brother

Microsoft warned about the growth of spyware attacks and gave recommendations on how to protect confidential data.

Microsoft Corporation announced that the Iranian cyber espionage group APT33 (Peach Sandstorm, HOLMIUM, Refined Kitten) uses a new type of malware called FalseFont to attack employees of companies working in the defense industry around the world.

As noted in the company's message, attempts were recorded to deliver a backdoor to individuals employed in the military-industrial complex, which includes more than 100,000 defense companies and subcontractors engaged in research and development of military weapons systems and components.

The APT33 group has been active since 2013 and targets a wide range of industries in the United States, Saudi Arabia, and South Korea, including government agencies, defense, research, finance, and engineering.

FalseFont, deployed as part of the detected campaign, allows operators to remotely access compromised systems, launch files, and transfer them to Command and Control servers (C2). Microsoft observed the emergence of the malware strain in early November 2023. According to the company, the development and use of FalseFont is consistent with the activity of Peach Sandstorm observed over the past year, which indicates an improvement in the group's methods.

Cybersecurity specialists are advised to reset credentials for accounts that have been subjected to brute-force attacks in order to reduce the attack surface. You should also revoke session cookies and secure your accounts and RDP or Windows Virtual Desktop access points using multi-factor authentication (MFA).