#apt33 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #apt33, aggregated by home.social.
-
Unit 42 provides a technical analysis of Iranian APT Peach Sandstorm’s (aka APT33, Refined Kitten, Holmium, etc.) FalseFont backdoor. FalseFont is a highly targeted backdoor, and so far it has been reported to target job applicants in the aerospace and defense industries. While the GUI is active for user interaction, in the background the second and main component of the malware is running. As it runs, it establishes persistence and registers itself with its C2 server. Unit 42 describes the backdoor's processes and capabilities. IOCs provided. 🔗 https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/
#PeachSandstorm #APT33 #RefinedKitten #Iran #cyberespionage #FalseFont #backdoor #threatintel #IOC
-
Happy Friday everyone, I hope everyone survived this week!
The Microsoft Threat Intel team has been tracking an Iranian #APT known as #PeachSandstorm. They start with a password spray attack and, if they are successful, they then utilize both publicly available and custom tools. They cover the attacks in much more detail and provide us with some mitigations and detections! Enjoy and Happy Hunting!
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #APT33 #Elfin #RefinedKitten
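The post above summarizes the intrusion pattern (a low-and-slow password spray, then follow-on tooling once one account falls). As an added illustration that is not part of the original post or of Microsoft's published detections, here is a small Python detector for that first stage: it flags a source that fails against many distinct accounts with only one or two guesses each inside a time window, and reports any success from the same source in that window. The log format, thresholds, IP addresses and account names are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real telemetry). Assumed line format:
#   <ISO-8601 timestamp> <source IP> <account> <SUCCESS|FAIL>
# 203.0.113.7 tries one guess against many accounts (a spray), then lands on one.
# 198.51.100.9 is one user mistyping their own password, which must NOT be flagged.
SAMPLE_LOG = """\
2023-09-14T02:00:01Z 203.0.113.7 alice@example.com FAIL
2023-09-14T02:00:09Z 203.0.113.7 bob@example.com FAIL
2023-09-14T02:00:17Z 203.0.113.7 carol@example.com FAIL
2023-09-14T02:00:25Z 203.0.113.7 dave@example.com FAIL
2023-09-14T02:00:33Z 203.0.113.7 erin@example.com FAIL
2023-09-14T02:00:41Z 203.0.113.7 frank@example.com FAIL
2023-09-14T02:00:49Z 203.0.113.7 grace@example.com SUCCESS
2023-09-14T02:01:00Z 198.51.100.9 heidi@example.com FAIL
2023-09-14T02:01:05Z 198.51.100.9 heidi@example.com FAIL
2023-09-14T02:01:10Z 198.51.100.9 heidi@example.com FAIL
2023-09-14T02:01:20Z 198.51.100.9 heidi@example.com SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, account, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user.lower(), result == "SUCCESS"


def detect_password_spray(log_text, window=timedelta(minutes=30),
                          min_distinct_users=5, max_attempts_per_user=2):
    """Return {source_ip: finding} for sources whose failures inside `window`
    touch at least `min_distinct_users` accounts with at most
    `max_attempts_per_user` tries each ("wide and shallow"). A burst of
    failures against a single account is lockout noise, not a spray."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if not e[3]]
        # Slide a window anchored on each failure; stop at the first one that qualifies.
        for i, start in enumerate(fails):
            per_user = defaultdict(int)
            for e in fails[i:]:
                if e[0] - start[0] > window:
                    break
                per_user[e[2]] += 1
            wide = len(per_user) >= min_distinct_users
            shallow = max(per_user.values()) <= max_attempts_per_user
            if wide and shallow:
                window_end = start[0] + window
                # Accounts the same source then signed into successfully: these are
                # the ones to reset and hunt on for follow-on tooling.
                successes = sorted({e[2] for e in evs
                                    if e[3] and start[0] <= e[0] <= window_end})
                findings[ip] = {
                    "first_seen": start[0].isoformat(),
                    "distinct_users": len(per_user),
                    "max_attempts_per_user": max(per_user.values()),
                    "followed_by_success": successes,
                }
                break
    return findings


if __name__ == "__main__":
    for ip, finding in detect_password_spray(SAMPLE_LOG).items():
        print(ip, finding)
```

The thresholds are deliberately conservative defaults; in a real tenant you would tune the window and account count against your baseline of shared egress IPs (VPN concentrators, NAT) and pair the IP-based view with per-user-agent or per-ASN grouping, since sprays are often spread across many source addresses.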
-
#KnowHow: #Netwire is commercial malware, known since 2012, that has been analyzed in depth several times. It has been used mostly in cyber-criminal activities, but has also been used several times in cyber-espionage operations, for instance by the Iranian-attributed group #APT33 in 2017. It is today sold online for $15 a month by a company called World Wired Labs.
https://www.amnesty.org/en/latest/research/2020/06/india-human-rights-defenders-targeted-by-a-coordinated-spyware-operation/
-
Pick your poison: The potential Iranian responses to US drone strike - TEHRAN, IRAN - (ARCHIVE): A file photo dated September 18, 2016 shows Iranian Revolutiona... more: https://arstechnica.com/?p=1638517 #iranrevolutionaryguardcorps #hellfiremissile #qudsforce #biz&it #policy #oilrig #apt33 #apt34 #iraq #isis
-
“We need to up our game”—DHS cybersecurity director on Iran and ransomware - Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and In... more: https://arstechnica.com/?p=1529393 #departmentofhomelandsecurity #electionsecurity #ransomware #biz&it #policy #apt33 #cisa #iran #dhs