Falsefont

Malware updated a month ago (2024-10-17T13:03:10.065Z)
FalseFont is a new custom backdoor developed and used by the Iranian nation-state actor Peach Sandstorm, as observed by Microsoft. The backdoor gives its operators remote access to compromised systems, allowing them to execute files and to transfer files to its command-and-control (C2) servers. This development aligns with Peach Sandstorm's activity over the past year and indicates that the group is continuously improving its tradecraft. FalseFont's primary target has been the Defense Industrial Base (DIB) sector: APT33, the Iran-linked group also tracked as Peach Sandstorm, has used the backdoor against defense contractors worldwide, delivering it to individuals working within DIB organizations, which shows a focused and strategic approach to its attacks. Microsoft's security intelligence team has been monitoring the situation closely and has released information about the threat to raise awareness and prompt action among potential targets. As the cyber-espionage activities of groups like APT33 continue to evolve, organizations in sensitive sectors such as the DIB need to stay vigilant, maintain robust cybersecurity measures, and respond swiftly to emerging threats such as FalseFont.
Description last updated: 2024-10-17T12:54:18.846Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Windows
Malware
Associated Threat Actors
Threat Actor: Peach Sandstorm
Description: The Peach Sandstorm Threat Actor is associated with Falsefont. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside gover…
Association Type: Unspecified
Votes: 2

Threat Actor: APT33
Description: The APT33 Threat Actor is associated with Falsefont. APT33, also known as Peach Sandstorm, is an Iran-linked threat actor associated with the Iranian Islamic Revolutionary Guard Corps (IRGC). This group has targeted communication equipment, government agencies, and the oil-and-gas industry in the United Arab Emirates and the United States, primarily f…
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Falsefont malware was read from the documents corpus below.