Falsefont

Malware updated a month ago (2024-08-14T09:56:28.512Z)
FalseFont is a backdoor developed and used by Peach Sandstorm, an Iranian nation-state actor that has been targeting organizations in the Defense Industrial Base (DIB) sector. The malware gives its operators remote access to compromised systems, lets them execute files, and transfers files to its command-and-control servers. Its development and use are consistent with the Peach Sandstorm activity Microsoft has observed over the past year and point to continuous improvement in the group's cyber warfare tradecraft. Microsoft recently disclosed the campaign deploying this custom backdoor, and APT33, the Iranian cyber-espionage group linked to Peach Sandstorm, was observed using the newly developed FalseFont backdoor in attacks on defense contractors worldwide. The Defense Industrial Base sector, a critical part of national security infrastructure, is an attractive target for state-sponsored cyber actors like APT33. The deployment of FalseFont signals a strategic shift in the modus operandi of such groups and underlines the importance of robust cybersecurity measures within sensitive sectors. Organizations are advised to remain vigilant and ensure their systems are adequately protected against such advanced persistent threats.
Description last updated: 2024-08-14T08:49:53.087Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in identifying relevance): Backdoor, Windows, Malware
Associated Threat Actors
ID | Type | Votes | Profile Description
Peach Sandstorm | Unspecified | 2 | Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, and Refined Kitten, is a threat actor that has been active since 2013. This Iran-linked cyberespionage group has targeted various sectors, including aerospace, energy, government, defense, satellite, oil, and gas. It h
APT33 | Unspecified | 2 | APT33, an Iran-linked threat actor also known as Peach Sandstorm, Holmium, Elfin, Refined Kitten, and Magic Hound, has been involved in a series of cyber espionage activities targeting various sectors. The group's primary targets include the government, defense, satellite, oil, and gas sectors in th
Source Document References
Information about the FalseFont malware was read from the documents corpus below.
Source | Created | Title
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
CERT-EU | 9 months ago | Microsoft: Hackers target defense firms with new FalseFont malware
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Unit42 | 6 months ago | Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention
CERT-EU | 9 months ago | Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor
CERT-EU | 9 months ago | Iranian Hackers Developed a New Backdoor to Hack Windows | National Cyber Security Consulting
DARKReading | 9 months ago | Iran's 'Peach Sandstorm' Cyberattackers Target Global Defense Network