Iranian hackers infiltrate US defense orgs using advanced cyber backdoor.

December 24, 2023

Iranian cyberspies have targeted US defense organizations with a new backdoor called FalseFont, according to Microsoft. The malware allows operators to remotely access infected systems, launch additional files, and send information to command and control servers. The backdoor was first observed being used against targets in November 2023. The threat hunters at Mandiant, who track the Iran-backed group as APT33, say the group targets organizations in the US, Saudi Arabia, and South Korea for “strategic cyberespionage”. The group has a particular interest in commercial and military aviation companies, as well as those in the energy sector with ties to petrochemical production.
