Unit 42 provides a technical analysis on Iranian APT Peach Sandstorm’s (aka APT33, Refined Kitten, Holmium, etc.) FalseFont backdoor. FalseFont is a highly targeted backdoor, and so far it has been reported to target job applicants in the aerospace and defense industries. While the GUI is active for user interaction, in the background, the second and main component of the malware is running. As it runs, it is establishing persistence and registering itself to its C2 server. Unit 42 describes the backdoor processes and capabilities. IOC provided. 🔗 https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/

#PeachSandstorm #APT33 #RefinedKitten #Iran #cyberespionage #FalseFont #backdoor #threatintel #IOC

Happy Friday everyone, I hope everyone survived this week!

The Microsoft Threat Intel team has been tracking an Iranian #APT known as #PeachSandstorm. They start with a password spray attack and if they are successful they then utilize both publicly available and custom tools. They cover the attacks in much more detail and provide us with some mitigations and detections! Enjoy and Happy Hunting!

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #APT33 #Elfin #RefinedKitten