Unit 42 provides a technical analysis of the FalseFont backdoor used by the Iranian APT Peach Sandstorm (aka APT33, Refined Kitten, Holmium, etc.). FalseFont is a highly targeted backdoor; so far it has been reported to target job applicants in the aerospace and defense industries. While the GUI is active for user interaction, the second and main component of the malware runs in the background, establishing persistence and registering itself with its C2 server. Unit 42 describes the backdoor's processes and capabilities. IOCs are provided. 🔗 https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/
#PeachSandstorm #APT33 #RefinedKitten #Iran #cyberespionage #FalseFont #backdoor #threatintel #IOC