Iranian government-connected hackers are deploying custom malware to compromise targets in the satellite, oil and gas, communications and government sectors in the United States and United Arab Emirates, according to research Microsoft published on Wednesday.

It’s the latest evidence of ever-expanding Iranian aggression in cyberspace, coming shortly after revelations about how hackers from the country have targeted both parties in the 2024 U.S. presidential race.

The group that’s at the center of Wednesday’s report — which Microsoft calls Peach Sandstorm but is also known as APT33 and Refined Kitten, among other monikers — very recently deployed the custom backdoor malware dubbed Tickler. Microsoft observed Tickler activity from April to July. It relies on infrastructure from Microsoft’s own Azure cloud computing platform, using fraudulent, attacker-controlled subscriptions.

“Microsoft assesses that Peach Sandstorm operates on behalf of the Iranian Islamic Revolutionary Guard Corps (IRGC) based on the group’s victimology and operational focus,” the company said in its report. “Microsoft further assesses that Peach Sandstorm’s operations are designed to facilitate intelligence collection in support of Iranian state interests.”

The Tickler attacks follow recent password spray attacks, which seek to use common passwords to compromise a wide array of accounts. Peach Sandstorm has a history of using that method to penetrate targets, and Microsoft saw such attacks as recently as April and May. Microsoft said the group targeted the defense, space, education, and government sectors in the United States and Australia.
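Password spraying, as described above, tries a few common passwords across many accounts rather than many passwords against one, so per-account lockout thresholds never trip. The following is an added example, not code from Microsoft's report or from CyberScoop, showing the sign-in-log signature a defender looks for: one source address failing against many distinct accounts in a short window, with a later success from the same source as the compromise signal. The log format, account names and source addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not from Microsoft's report): one source
# address tries a common password against many accounts and eventually lands,
# while a legitimate user simply mistypes their own password a couple of times.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z alice 203.0.113.7 FAILURE
2024-05-01T08:00:03Z bob 203.0.113.7 FAILURE
2024-05-01T08:00:05Z carol 203.0.113.7 FAILURE
2024-05-01T08:00:08Z dave 203.0.113.7 FAILURE
2024-05-01T08:00:10Z erin 203.0.113.7 FAILURE
2024-05-01T08:00:12Z frank 203.0.113.7 SUCCESS
2024-05-01T08:01:00Z grace 198.51.100.4 FAILURE
2024-05-01T08:01:20Z grace 198.51.100.4 FAILURE
2024-05-01T08:01:40Z grace 198.51.100.4 SUCCESS
"""

def parse_events(text):
    """Parse 'timestamp user source_ip result' lines into sorted tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return sorted(events)

def detect_password_spray(events, window=timedelta(minutes=30), min_users=5):
    """Return {source_ip: (distinct_accounts_failed, success_after_spray)} for
    every source that failed against at least `min_users` distinct accounts
    within `window`. Repeated failures on a single account (brute force or a
    forgotten password) never trip this rule; many accounts, few tries each, do."""
    failures = defaultdict(list)   # ip -> [(ts, user)] in time order
    successes = defaultdict(list)  # ip -> [ts]
    for ts, user, ip, result in events:
        if result == "FAILURE":
            failures[ip].append((ts, user))
        else:
            successes[ip].append(ts)
    flagged = {}
    for ip, fails in failures.items():
        start = 0
        for end in range(len(fails)):            # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users:
                # a success from the same source after the spray suggests a hit
                hit = any(t > fails[end][0] for t in successes.get(ip, []))
                best = flagged.get(ip, (0, False))[0]
                flagged[ip] = (max(best, len(users)), hit)
    return flagged
```

On the sample above only 203.0.113.7 is flagged: five distinct accounts failed within seconds, followed by a success, while grace's repeated failures on her own account stay below the distinct-account threshold.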

The attacks appear to have had some success. “In the past year, Peach Sandstorm has successfully compromised several organizations, primarily in the aforementioned sectors using bespoke tooling,” the report states.

Government agencies and industry have been devoting more attention to the space sector, although some think they should be taking other steps to protect it.

The Iranian government routinely denies any connection to overseas hacking operations.

The post Iranian hackers ‘tickle’ targets in US, UAE with custom tool, Microsoft says appeared first on CyberScoop.
