Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE


An Iranian state-sponsored threat actor has been using a new custom backdoor in attacks aimed at organizations in the United States and the United Arab Emirates, according to Microsoft.

The tech giant tracks the group as Peach Sandstorm, but it’s also known as APT33, Elfin, Holmium, Magnallium, and Refined Kitten. In late 2023, Microsoft reported seeing the threat actor targeting employees at US defense industrial base organizations. 

Microsoft has observed Peach Sandstorm using a new piece of malware that it has named Tickler in intelligence gathering operations targeting satellite, communications equipment, government, and oil and gas organizations in the US and UAE. 

Tickler has been described as a custom, multi-stage backdoor that enables the attackers to download additional malware to compromised systems. The malicious payloads observed by Microsoft were capable of collecting system information, executing commands, deleting files, and downloading/uploading files from/to a command and control (C&C) server.

The tech giant has continued to see Peach Sandstorm leveraging LinkedIn for intelligence gathering and social engineering attacks. 

The hackers have also continued launching password spray attacks, recently being seen conducting such operations against organizations in the defense, space, education, and government sectors in the US and Australia.
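Password spraying differs from a conventional brute-force attack: instead of hammering one account with many passwords (which trips lockout), the attacker tries one or two common passwords against many accounts from the same source. That profile is what a detection should key on. The following is an added example written for this article, not Microsoft's or any vendor's detection logic; the sign-in log format, the IP addresses, the account names and the thresholds are all constructed assumptions for illustration.

```python
"""Flag password-spray patterns in sign-in logs.

Added example for illustration; not from the article or Microsoft's report.
The log format, thresholds, accounts and IP addresses below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp, source IP, account, result.
# 203.0.113.7 shows a spray profile (one try each across many accounts);
# 198.51.100.5 shows a single-account pattern that is not a spray.
SAMPLE_LOG = """\
2024-08-28T09:00:01Z 203.0.113.7 alice@example.test FAILURE
2024-08-28T09:00:04Z 203.0.113.7 bob@example.test FAILURE
2024-08-28T09:00:09Z 203.0.113.7 carol@example.test FAILURE
2024-08-28T09:00:15Z 203.0.113.7 dave@example.test FAILURE
2024-08-28T09:00:21Z 203.0.113.7 erin@example.test FAILURE
2024-08-28T09:00:27Z 203.0.113.7 frank@example.test SUCCESS
2024-08-28T09:01:00Z 198.51.100.5 alice@example.test FAILURE
2024-08-28T09:01:30Z 198.51.100.5 alice@example.test FAILURE
2024-08-28T09:02:00Z 198.51.100.5 alice@example.test SUCCESS
"""


def parse_events(text):
    """Parse the constructed log format into (timestamp, ip, account, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5,
                 min_failure_ratio=0.8):
    """Return {ip: {"accounts": n, "failures": f, "total": t}} for every source
    whose events, inside one sliding time window, show failures spread across
    at least `min_accounts` distinct accounts with a high failure ratio.
    Assumed thresholds; tune them to the environment's baseline."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    hits = {}
    for ip, evs in by_ip.items():
        start = 0
        # Slide a window over this source's time-ordered events.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            failures = [e for e in in_window if e[3] == "FAILURE"]
            distinct_accounts = {e[2] for e in failures}
            ratio = len(failures) / len(in_window)
            if len(distinct_accounts) >= min_accounts and ratio >= min_failure_ratio:
                hits[ip] = {"accounts": len(distinct_accounts),
                            "failures": len(failures),
                            "total": len(in_window)}
                break  # one alert per source is enough; move to the next IP
    return hits


def successful_accounts(events, ip):
    """Accounts that signed in successfully from a given source; for a flagged
    source these are the accounts to review and reset first."""
    return sorted({e[2] for e in events if e[1] == ip and e[3] == "SUCCESS"})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for ip, stats in detect_spray(evs).items():
        print(f"possible password spray from {ip}: {stats}")
        print(f"  successful sign-ins to review: {successful_accounts(evs, ip)}")
```

Counting distinct failed accounts per source, rather than failures per account, is what separates a spray from ordinary brute force: the second source above fails twice against one account and is correctly left alone. In a real deployment the same logic applies to cloud identity sign-in logs, and the source key may need to be widened to an ASN or user-agent cluster, since sprays are often distributed across many IPs.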

The company also noted that the threat actors “leveraged Azure infrastructure hosted in fraudulent, attacker-controlled Azure subscriptions for command-and-control”.

Microsoft published its report on the same day Google Cloud’s Mandiant published a report on an Iranian counterintelligence operation, and the US government issued an advisory on how Iranian state-sponsored actors have been collaborating with ransomware groups.

Microsoft, Google, Meta and the US government recently also issued reports on Iranian hackers targeting elections.

Related: How Lessons Learned From the 2016 Campaign Led US Officials to Be More Open About Iran Hack

Related: Google Disrupts Iranian Hacking Activity Targeting US Presidential Election
