
Iranian threat actors targeting businesses and governments, CISA, Microsoft warn

Defenders should watch for an archive file named Network Security.zip, which includes an .exe with the Tickler malware, and for a Trojan dropper named sold.dll.
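The following is an added example, not code from the original article or from Microsoft: a small Python check that a defender could run over a received ZIP archive to flag the indicators named above (the archive name, an executable member, and the sold.dll name), plus a renamed executable detected by its PE header. The sample archive it builds is constructed for the demonstration.

```python
import io
import zipfile

# Indicators named in the article: the lure archive name and the dropper DLL name.
SUSPECT_ARCHIVE_NAMES = {"network security.zip"}
SUSPECT_MEMBER_NAMES = {"sold.dll"}
PE_EXTENSIONS = (".exe", ".dll", ".scr")


def inspect_archive(archive_name, data):
    """Return a list of findings for a ZIP archive given its file name and raw bytes.

    Flags the known archive name, the known dropper name, members with executable
    extensions, and members whose content starts with the 'MZ' PE header even
    though their extension looks harmless (renamed executables).
    """
    findings = []
    if archive_name.lower() in SUSPECT_ARCHIVE_NAMES:
        findings.append(f"archive name matches known Tickler lure: {archive_name}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            if base in SUSPECT_MEMBER_NAMES:
                findings.append(f"member matches known dropper name: {info.filename}")
            is_pe_ext = base.endswith(PE_EXTENSIONS)
            if is_pe_ext:
                findings.append(f"executable member: {info.filename}")
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ" and not is_pe_ext:
                    findings.append(f"PE header in non-executable member: {info.filename}")
    return findings


def build_sample_archive():
    """Constructed sample: a fake .exe and DLL (MZ header only), a benign text file, and a renamed PE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Network Security.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("sold.dll", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"Network security guidance")  # benign member
        zf.writestr("notes.pdf", b"MZ" + b"\x00" * 30)  # executable renamed to .pdf
    return buf.getvalue()


if __name__ == "__main__":
    for line in inspect_archive("Network Security.zip", build_sample_archive()):
        print(line)
```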

Here’s another example of Peach Sandstorm tactics detailed by Microsoft: After hacking into a European defense organization, the gang moved laterally using the Windows SMB (Server Message Block) protocol. This protocol, which is used for sharing files, printers, and other resources on a network, has been misused by many threat actors. Microsoft offers this advice to network admins for preventing SMB from being used as an attack tool.

In another attack, against a Middle East-based satellite operator, Peach Sandstorm compromised a user with a malicious ZIP file delivered via a Microsoft Teams message, then dropped Active Directory (AD) Explorer and took an AD snapshot. An AD snapshot is a read-only, point-in-time copy of the AD database and related files, used for various legitimate administrative tasks; threat actors can also exploit these snapshots for malicious purposes.
