Threats

Iranian hackers ‘tickle’ targets in US, UAE with custom tool, Microsoft says

Peach Sandstorm is said to have focused on the oil and gas, satellite, government and communications sectors.

August 28, 2024

Niger River, Segou, Segou, Mali; Sascha Grabow, Getty Images

Iranian government-connected hackers are deploying custom malware to compromise targets in the satellite, oil and gas, communications and government sectors in the United States and United Arab Emirates, according to research Microsoft published on Wednesday.

It’s the latest evidence of ever-expanding Iranian aggression in cyberspace, coming shortly after revelations about how hackers from the country have targeted both parties in the 2024 U.S. presidential race.

The group that’s at the center of Wednesday’s report — which Microsoft calls Peach Sandstorm but is also known as APT33 and Refined Kitten, among other monikers — very recently deployed the custom backdoor malware dubbed Tickler. Microsoft observed Tickler activity from April to July. It relies on infrastructure from Microsoft’s own Azure cloud computing platform, using fraudulent, attacker-controlled subscriptions.

“Microsoft assesses that Peach Sandstorm operates on behalf of the Iranian Islamic Revolutionary Guard Corps (IRGC) based on the group’s victimology and operational focus,” the company said in its report. “Microsoft further assesses that Peach Sandstorm’s operations are designed to facilitate intelligence collection in support of Iranian state interests.”

The Tickler attacks follow recent password spray attacks, which seek to use common passwords to compromise a wide array of accounts. Peach Sandworm has a history of using that method to penetrate targets, and Microsoft saw such attacks as recently as April and May. Microsoft said the group targeted the defense, space, education, and government sectors in the United States and Australia.

The attacks appear to have had some success. “In the past year, Peach Sandstorm has successfully compromised several organizations, primarily in the aforementioned sectors using bespoke tooling,” the report states.

Government agencies and industry have been devoting more attention to the space sector, although some think they should be taking other steps to protect it.

The Iranian government routinely denies any connection to overseas hacking operations.

Iranian hackers ‘tickle’ targets in US, UAE with custom tool, Microsoft says

More Like This

CISA warns of hackers exploiting bug for end-of-life Ivanti product

British teen arrested over cyberattack on London transportation agency

Cybersecurity, disinformation dominates hearing on elections

Top Stories

US accuses RT, others of covert arms dealing, global influence operations

More Scoops

Iranian-linked hackers collaborate with ransomware affiliates, feds say

Microsoft: Iranian espionage campaign targeted satellite and defense sectors

Microsoft says Iranian hackers combine influence ops with hacking for maximum impact

Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say

Iranian government-backed hackers target critical infrastructure with ransomware, US says

Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says

State-backed hackers targeted Biden and Trump campaign associates, Microsoft says

Latest Podcasts

We’re back! RunSafe CEO Joe Saunders on secure-by-design in IoT devices

Ted Schlein on the cybersecurity industry and the latest twist in the Trump-Iran hacking saga

Hack-and-leak op targets Trump; a technical deep dive with John Hammond on the CrowdStrike outage

A deep dive with Tim Starks on the Biden administration’s cybersecurity initiatives

Government

Technology

Threats

Geopolitics