Microsoft warn Iranian threat actor has targeted organizations in the Defense Industrial Base (DIB) sector with a campaign involving a new type of backdoor called FalseFont. Microsoft found the activity related to Peach Sandstorm (previously known as Holmium), also called APT33, Elfin, and Refined Kitten.
FalseFont is a type of malware that can be used to remotely control a hacked system and perform various actions, such as accessing files and sending data to its servers. This information comes from the Microsoft Threat Intelligence team. The first recorded use of the implant was in early November 2023.
By infosecbulletin
/ Thursday , July 4 2024
Microsoft's cybersecurity team found two major vulnerabilities in Rockwell Automation's PanelView Plus, a widely used human-machine interface in industrial settings....
Read More
By infosecbulletin
/ Thursday , July 4 2024
Cybersecurity experts found 28 new types of ransomware in June. These malicious programs are a big threat to individuals and...
Read More
By infosecbulletin
/ Wednesday , July 3 2024
ISACA Dhaka Chapter election is going to be held on Saturday (6 July) 2024. This year 23 candidates will fight...
Read More
By infosecbulletin
/ Wednesday , July 3 2024
Google launched a new bug bounty program called kvmCTF to enhance the security of its Kernel-based Virtual Machine (KVM) hypervisor....
Read More
By infosecbulletin
/ Tuesday , July 2 2024
The Brain Cipher ransomware group to release the decryption keys for Indonesia Terkoneksi on Wednesday. They said their attack aims...
Read More
By infosecbulletin
/ Tuesday , July 2 2024
"A critical vulnerability has been identified in the Google Authentication mechanism of the application. By manipulating the ID and email...
Read More
By infosecbulletin
/ Tuesday , July 2 2024
The Apache Software Foundation has found multiple security issues in the widely used Apache HTTP Server. These vulnerabilities could lead...
Read More
By infosecbulletin
/ Tuesday , July 2 2024
An executive from National Australia Bank reveals that the four major banks in the country face continuous attacks, as threat...
Read More
By infosecbulletin
/ Monday , July 1 2024
There is a security flaw (CVE-2024-20399) in Cisco NX-OS Software that lets an attacker with local access execute commands as...
Read More
By infosecbulletin
/ Monday , July 1 2024
Despite the limited manpower and various limitations, efforts are being made to keep the country's cyber space safe, said the...
Read More
ALSO READ:
LockBit, BlackCat Unite; Chat; raising security concerns
The company stated that this new development is consistent with previous actions by Peach Sandstorm and shows that the threat actor’s methods are still evolving.
Microsoft’s report from September 2023 connected the group to password spray attacks on numerous organizations worldwide from February to July 2023. The attacks targeted satellite, defense, and pharmaceutical sectors. The company’s goal is to help gather intelligence for Iran. Peach Sandstorm has been active since 2013.
Israel’s National Cyber Directorate (INCD) has accused Iran and Hezbollah of attempting to hack Ziv Hospital. The hacking crews involved in the attempt were named Agrius and Lebanese Cedar.
The agency revealed a phishing campaign using a fake security advisory for F5 BIG-IP products to deliver wiper malware on Windows and Linux systems.
A critical authentication bypass vulnerability (CVE-2023-46747, CVSS score: 9.8) was discovered in late October 2023, and it is being used as bait for targeted attacks. The size of the campaign is not yet known.