Iran-Linked Hackers Target World Defense Firms With New Malware
Microsoft says an Iranian cyber espionage group is using a newly developed malware called FalseFont backdoor for intelligence gathering on defense industry companies worldwide.
Microsoft says an Iranian cyber espionage group is using a newly developed malware called FalseFont backdoor for intelligence gathering on defense industry companies worldwide.
“Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector,” said Microsoft Threat Intelligence Unit, the firm’s global network of security experts.
Peach Sandstorm, (formerly Holmium), also known as APT33, Elfin, and Refined Kitten, has recently focused on organizations in the US Defense Industrial Base (DIB), which includes hundreds of thousands of American and foreign entities and subcontractors that perform work for the US Department of Defense (DOD) and other Federal departments and agencies.
The first instances of FalseFont in action were detected against targets in early November 2023.According to Microsoft’s investigative team, Peach Sandstorm is actively pursuing intelligence gathering for the Iranian government. Microsoft did not attribute the hacking to any particular Iranian government entity, but the Islamic Revolution Guard Corps (IRGC) is known for its large ‘cyber army’ that engages in both suppression of internet access and cyber surveillance within Iran and disinformation activities abroad, as well as sophisticated hacking of Western and other targets.
The new report follows Microsoft’s earlier findings, outlined in a September 2023 blog post, where Peach Sandstorm was identified as targeting sectors such as satellites and pharmaceuticals on a global scale.
Earlier this year, Microsoft warned that Russia, Iran, and China are likely to plan to influence the upcoming elections in the United States and other countries in 2024. Microsoft's Threat Analysis Center also confirmed that Iran has intensified its cyberattacks and influence operations since 2020.
As the 8-year-long Iran-Iraq war ended in the late 1980s, some of the veterans who returned home, realized that the country has changed while they were in the battlefronts. Their generals got financial concessions from the government, and the cities looked as if there had never been a war, with women defying the compulsory hijab and male and female students mingling at the campuses and elsewhere.
Furthermore, Ayatollah Ruhollah Khomeini’s death almost a year after the war made the situation look even worse for the veterans. Saddam Hussain, the Islamic Republic's arch enemy was now being referred to as Brother Saddam and an ally.
So, the former soldiers organized themselves as Ansar Hezbollah and started to attack the relatively moderate government of President Akbar Hashemi Rafsanjani. Having been indoctrinated during the war with Islamist propaganda, they beat women and university students in the streets of Tehran, Esfahan, Mashhad, and other major Iranian cities.
When the new leader, Ali Khamenei came to power, he used the Ansar on a few occasions to suppress dissent in Tehran and Mashhad, but generally, he did not give them much of a space to be politically active. Hossein Allahkaram, the vigilante group's leader was not happy with the spoils of war he had won, which was the much-sought license for a travel agency that could make anyone rich almost overnight. He wanted to have a say in politics, but everyone looked at the vigilante group as a bunch of reckless thugs.
Allahkaram, cleared the streets and went to the university using the government entitlement given to former soldiers. After his graduation, according to Etemad newspaper, he was no longer a man to stand in the streets. Now he wanted to sit at the political bureau of a political party. That was how he officially established The Society of Combatants Defending the Islamic Revolution, aka known as Razma.
The party's platform is one of "eliminating poverty, offering political and cultural insight, explaining the merits of the revolution, preparing cadres for the country, and nominating revolutionary candidates for elections." This, he said, "Is an independent party."
Coming from the lower depths of the Iranian society, and the poor neighborhoods of southern Tehran, Allahkaram, now 67, still travels on a motorbike and lives near a cemetery in southern Tehran. His violent past is almost forgotten, and he can now invest in his credentials as someone from the poor neighborhoods. Until late 1990s, he organized rallies in the affluent northern part of Tehran against capitalism and "hijablessness" and heavy-handedly tackled any barrier to the rallies. The price he paid, was the ban on his group's publications, otherwise he and his group passed the test of time almost without any serious consequence.
The government turned a blind eye on his activities as hardliners benefitted from his street battles with "liberals". However, Allahkaram never assumed any responsibility for the violence his group employed in the streets. His political track record includes his support for government agents murdering Iranian intellectuals in the 1990s and his mild criticism of Iranian thugs who attacked the British embassy in 2011.
Allahkaram may not be in a good position to compete with Iranian hardliners who are now at the center of Iranian politics, and he may not win as many seats in the parliament as he hopes. Other hardliners have turned into dragons and monsters, while Allahkaram and his group fought in Iraq, Bosnia and on the streets.
