New cyberthreat

Iranian Cyber Espionage Group Launches Malware Against US Defense Companies

Microsoft’s Threat Intelligence team announced that it has discovered the Iranian cyber espionage group APT33 deploying the new FalseFont malware on the U.S. defense industrial base. The new malware provides a multi-function backdoor for remote access, deploying files and sending information to the malicious operators’ command-and-control servers, the Microsoft team said.

According to the team’s researchers, APT33 started months-long cyberattacks in February, focusing on satellite defense and pharmaceutical targets, SC Media reported.

The researchers observed that APT33’s new malware rides on a password spray campaign called Peach Sandstorm, involving months-long attempts to access multiple accounts in an organization by using commonly used passwords.

The targeted organizations’ profiles and intrusion activities suggest that the campaign may have been used to “facilitate intelligence collection in support of Iranian state interests,” the researchers said.

Cybersecurity company Mandiant first observed APT33’s cyber espionage activities in 2017, noting that it is also targeting Saudi Arabia and South Korea-based organizations.

Another Iran-associated cyberthreat group, the Cyber Av3ngers, recently targeted the industrial control system of the Municipal Water Authority of Aliquippa in Pennsylvania.