📢 Surge in attacks by Iranian APT groups against US industrial entities
📝 According to a report by **Nozomi Networks**, Iranian advanced persistent threat (APT) groups, notably...
📖 cyberveille: https://cyberveille.ch/posts/2025-07-10-augmentation-des-attaques-des-groupes-apt-iraniens-contre-les-entites-industrielles-americaines/
🌐 source: https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
#APT #APT33 #Cyberveille
Surge in attacks by Iranian APT groups against US industrial entities

According to a Nozomi Networks report, Iranian advanced persistent threat (APT) groups, notably MuddyWater and APT33, intensified their attacks against industrial entities in the United States during May and June. These groups are known for targeting critical infrastructure and industrial sectors, exploiting vulnerabilities to gain access to sensitive systems. The recent attacks mark an escalation in the malicious cyber activity directed by these state actors.

CyberVeille
Iran-linked APT33 adds new Tickler malware to its arsenal

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors.

Security Affairs

Unit 42 provides a technical analysis of Iranian APT Peach Sandstorm's (aka APT33, Refined Kitten, Holmium, etc.) FalseFont backdoor. FalseFont is a highly targeted backdoor, and so far it has been reported to target job applicants in the aerospace and defense industries. While the GUI is active for user interaction, the second and main component of the malware runs in the background. As it runs, it establishes persistence and registers itself with its C2 server. Unit 42 describes the backdoor's processes and capabilities. IOCs provided. 🔗 https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/

#PeachSandstorm #APT33 #RefinedKitten #Iran #cyberespionage #FalseFont #backdoor #threatintel #IOC

Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

Iran-linked APT Curious Serpens is using a new backdoor, FalseFont, to target the aerospace and defense industries through fake job recruitment.

Unit 42
APT33 targets Defense Industrial Base sector with FalseFont

Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with FalseFont backdoor.

Security Affairs

⚓️🏴‍☠️ Beware the digital seas! Our latest post reveals the menacing "Sultan Shah" (#APT33) and their covert weapon "FalseFont". Read our captain's full briefing and prepare to be enthralled! #CyberSecurity #DigitalPirates 🏴‍☠️💻

https://cybercorsair.blogspot.com/2023/12/ships-chronicle-23-december-2013.html

SHIP'S CHRONICLE: 23 December 2013: "Navigating the Treacherous Waters Near Iran - Sultan Shah Lurks"

Happy Friday everyone, I hope everyone survived this week!

The Microsoft Threat Intel team has been tracking an Iranian #APT known as #PeachSandstorm. They start with a password spray attack and if they are successful they then utilize both publicly available and custom tools. They cover the attacks in much more detail and provide us with some mitigations and detections! Enjoy and Happy Hunting!

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #APT33 #Elfin #RefinedKitten

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets | Microsoft Security Blog

Since February 2023, Microsoft has observed a high volume of password spray attacks attributed to Peach Sandstorm, an Iranian nation-state group. In a small number of cases, Peach Sandstorm successfully authenticated to an account and used a combination of publicly available and custom tools for persistence, lateral movement, and exfiltration.

Microsoft Security Blog
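The Microsoft post above describes the pattern that makes password spraying hard to see with per-account lockout rules: one or two guesses against many accounts, so no single account trips a threshold. The detection below is an added example written for this page, not code from Microsoft or the blog post. It runs over constructed sign-in log lines (the `src=`/`user=`/`result=` format, the ten-minute window and the thresholds are assumptions chosen for the demo, not a real product's schema), flags a source that fails against many distinct accounts with few attempts per account, and then checks whether that same source later authenticated successfully, which is the case the post singles out as the dangerous one.

```python
"""Password-spray detection over authentication logs.

Added example for this page; not Microsoft's detection logic.
Log format, field names and thresholds are assumptions for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). 203.0.113.5 sprays one guess
# across six accounts and later logs in as 'grace'; 198.51.100.7 is an
# ordinary user mistyping her own password twice, which must NOT alert.
SAMPLE_LOG = """\
2023-09-14T10:00:01Z src=203.0.113.5 user=alice result=FAILURE
2023-09-14T10:00:03Z src=203.0.113.5 user=bob result=FAILURE
2023-09-14T10:00:05Z src=203.0.113.5 user=carol result=FAILURE
2023-09-14T10:00:07Z src=203.0.113.5 user=dave result=FAILURE
2023-09-14T10:00:09Z src=203.0.113.5 user=erin result=FAILURE
2023-09-14T10:00:11Z src=203.0.113.5 user=frank result=FAILURE
2023-09-14T10:01:00Z src=198.51.100.7 user=carol result=FAILURE
2023-09-14T10:01:05Z src=198.51.100.7 user=carol result=FAILURE
2023-09-14T10:01:09Z src=198.51.100.7 user=carol result=SUCCESS
2023-09-14T10:02:30Z src=203.0.113.5 user=grace result=SUCCESS
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict (assumed format)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {
        "ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
        "src": kv["src"],
        "user": kv["user"],
        "ok": kv["result"] == "SUCCESS",
    }


def detect_spray(log_text, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=2):
    """Return one alert per source whose failures, inside any `window`,
    touch >= min_accounts distinct users with <= max_per_account failures
    each (breadth, not depth: the signature of a spray). Each alert also
    lists accounts the same source logged into after the spray began."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if not e["ok"]]
        # Slide a window starting at each failure; alert once per source.
        for i, start in enumerate(failures):
            in_win = [e for e in failures[i:] if e["ts"] - start["ts"] <= window]
            per_user = defaultdict(int)
            for e in in_win:
                per_user[e["user"]] += 1
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account):
                compromised = sorted(
                    {e["user"] for e in evs if e["ok"] and e["ts"] >= start["ts"]}
                )
                alerts.append({
                    "src": src,
                    "window_start": start["ts"],
                    "accounts_targeted": len(per_user),
                    "compromised": compromised,
                })
                break
    return alerts


if __name__ == "__main__":
    for a in detect_spray(SAMPLE_LOG):
        print(f"SPRAY from {a['src']} at {a['window_start']:%H:%M:%S}: "
              f"{a['accounts_targeted']} accounts, "
              f"successful logins after spray: {a['compromised'] or 'none'}")
```

The two thresholds pull in opposite directions on purpose: `min_accounts` catches breadth across users, while `max_per_account` keeps the rule from firing on a single-account brute force or on a user who fumbles their own password, both of which a per-account lockout policy already handles. In a real tenant you would key on whatever source identity the identity provider gives you (IP, ASN, device or user-agent fingerprint), since spray infrastructure rotates addresses, and you would raise the alert's severity whenever the `compromised` list is non-empty.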
#KnowHow: #Netwire is a commercial malware known since 2012 that has been analyzed in depth several times. It has been used mostly in cyber-criminal activities, but has also been used several times in cyber-espionage operations, for instance by the Iranian-attributed group #APT33 in 2017. It is sold online today for $15 a month by a company called World Wired Labs.
https://www.amnesty.org/en/latest/research/2020/06/india-human-rights-defenders-targeted-by-a-coordinated-spyware-operation/
India: Human Rights Defenders Targeted by a Coordinated Spyware Operation

Amnesty International and the Citizen Lab have uncovered a coordinated spyware campaign targeting at least nine human rights defenders (HRDs) in India. Eight of the nine HRDs have been calling for the release of other prominent activists, popularly known as the Bhima Koregaon 11, most of whom have been imprisoned in Maharashtra, India since 2018. Between January and October 2019, the HRDs were targeted with emails containing malicious links. If these links were clicked, a form of commercially-manufactured Windows spyware would have been deployed, compromising the target’s Windows computers, in order to monitor their actions and communications. This is a violation of their rights to freedom of expression and privacy. At least three of the nine HRDs were also targeted with NSO’s Pegasus spyware in 2019.

Amnesty International
Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign - APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure tha... more: https://threatpost.com/iranian-apts-fox-kitten-global-spy-campaign/152974/ #criticalinfratructureespionage #criticalinfrastructure #vulnerabilities #wipermalware #websecurity #cyberattack #spycampaign #government #zerocleare #foxkitten #clearsky #malware #oilrig #hacks #apt33 #apt34 #elfin
Iran-Backed APTs Collaborate on 3-Year 'Fox Kitten' Global Spy Campaign

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.

Threatpost - English - Global - threatpost.com

Fox Kitten – Widespread #iranian Espionage-Offensive Campaign
#APT34 #APT33

https://www.clearskysec.com/fox-kitten/

Cybercrime: An Iranian APT group built its own VPN

Security researchers have identified the 21-node private VPN network of APT33, a group of cybercriminals linked to the Iranian government.