Organizations in the defense industrial base industry are having their employees targeted by Iranian nation-state threat operation APT33, also known as Peach Sandstorm, Refined Kitten, or HOLMIUM, in attacks involving the novel FalseFont malware, BleepingComputer reports.
Aside from facilitating remote systems access, the FalseFont backdoor initially discovered last month also enabled file execution and transfers to command-and-control servers, according to the Microsoft Threat Intelligence team. "The development and use of FalseFont is consistent with Peach Sandstorm activity observed by Microsoft over the past year, suggesting that Peach Sandstorm is continuing to improve their tradecraft," said Microsoft, which also urged immediate password resets, multifactor authentication implementation, and session cookie revocation to avert potential compromise. Such a development comes months after Microsoft reported on password spraying attacks conducted by APT33 against thousands of entities around the world from February to July. Organizations primarily targeted by APT33 in the campaign were those in the defense, pharmaceutical, and satellite sectors.
