Microsoft warned that Iranian hackers are targeting secret information from defense, satellite and pharmaceutical companies

A security camera near the Microsoft offices (AP Photo/Andy Wong/File)

Hackers backed by the Iranian regime carried out a series of cyber attacks against pharmaceutical, defense and satellite companies in the United States and elsewhere in the world, Microsoft reported in a statement.

Since last February, these hackers have successfully infiltrated thousands of the organizations they targeted. They used a highly effective hacking technique, which highlights the determination of Tehran-based hacker groups to obtain valuable intelligence, the company detailed.

The sanctions regime imposed by the United States has attempted to restrict Iran’s access to military equipment and, according to a report by a United Nations panel, in some cases has deterred Western companies from supplying medical products to Iran.

Although it is difficult to determine the precise motivations behind cyber attacks on pharmaceutical, defense and satellite companies, sanctions have increased Iran’s incentive to seek trade secrets belonging to foreign companies, explained Sherrod DeGrippo, director of threat intelligence strategy at Microsoft.

Speaking to CNN, she stated: “Those are sectors where they might have had trouble generating the things they need internally.”

Hackers backed by the Iranian regime carried out a series of cyberattacks targeting pharmaceutical, defense and satellite companies in the United States and around the world (Shutterstock)

“From February 2023, Microsoft has observed password spraying activity against thousands of organizations carried out by an actor we trace as Peach Sandstorm (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor that has recently gone after organizations in the satellite, defense, and pharmaceutical sectors around the world. Based on the profile of victim organizations and subsequent intrusion activity observed, Microsoft assesses that this initial access campaign is likely used to facilitate intelligence gathering in support of Iranian state interests,” the company stated.

The company then explained that Peach Sandstorm is a group sponsored by the Tehran regime and known for attacking organizations in several countries. In previous attacks, the group pursued targets in the aviation, construction, defense, education, energy, financial services, healthcare, government, satellite and telecommunications sectors. The activity Microsoft attributes to Peach Sandstorm overlaps with public reporting on well-known groups such as APT33, Elfin and Refined Kitten, the company added.

Throughout this year, Peach Sandstorm has shown consistent interest in organizations in the satellite, defense and, to a lesser extent, pharmaceutical sectors. In the initial phase, the group conducted password spraying campaigns against thousands of organizations across various sectors and geographies. While Microsoft noted several organizations previously targeted by Peach Sandstorm, the volume of activity and the variety of organizations suggest that at least a subset of the initial activity is “opportunistic,” the company said.

The hacking method consists of “compromise an identity”, DeGrippo indicated, adding: “I don’t know why they would choose another method if this one works very well for them.”
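Password spraying, the technique Microsoft describes above, tries one or a few common passwords against many accounts rather than many passwords against one account, so per-account failure counts stay low while a single source produces failures across many distinct usernames. The following detector is an added example written for this page, not Microsoft’s detection logic or any product’s code; it runs over constructed sign-in log lines in an assumed four-field format (timestamp, source IP, username, result) and flags a source that fails against many distinct accounts within a time window with only a few attempts per account, listing any accounts that later succeeded from that same source for triage.

```python
"""Detect password-spraying patterns in sign-in logs (added example).

A brute-force attack produces many failures against one account; a spray
produces few failures per account but across many accounts from one source.
The detector below looks for the second shape.  The log format and all
sample lines are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source (203.0.113.7) sprays seven accounts and
# gets into one; a second source (198.51.100.4) brute-forces a single account;
# a third source produces a lone failure.
SAMPLE_LOG = """\
2023-02-14T09:00:01Z 203.0.113.7 alice FAIL
2023-02-14T09:00:03Z 203.0.113.7 bob FAIL
2023-02-14T09:00:05Z 203.0.113.7 carol FAIL
2023-02-14T09:00:07Z 203.0.113.7 dave FAIL
2023-02-14T09:00:09Z 203.0.113.7 erin FAIL
2023-02-14T09:00:11Z 203.0.113.7 frank FAIL
2023-02-14T09:00:13Z 203.0.113.7 grace SUCCESS
2023-02-14T09:05:00Z 198.51.100.4 alice FAIL
2023-02-14T09:05:10Z 198.51.100.4 alice FAIL
2023-02-14T09:05:20Z 198.51.100.4 alice FAIL
2023-02-14T09:05:30Z 198.51.100.4 alice SUCCESS
2023-02-14T09:30:00Z 192.0.2.9 heidi FAIL
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, source_ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def detect_spray(log_text, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=2):
    """Return one alert per source whose failures match a spray pattern.

    A source is flagged when, inside any sliding window of length `window`,
    its failed sign-ins touch at least `min_accounts` distinct usernames while
    no single username receives more than `max_per_account` failures.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())

    failures = defaultdict(list)   # ip -> [(timestamp, user), ...] in time order
    successes = defaultdict(set)   # ip -> {users that signed in successfully}
    for ts, ip, user, result in events:
        if result == "FAIL":
            failures[ip].append((ts, user))
        elif result == "SUCCESS":
            successes[ip].add(user)

    alerts = []
    for ip in sorted(failures):
        attempts = failures[ip]
        best = None
        start = 0
        for end in range(len(attempts)):
            # Slide the window so that attempts[start:end+1] spans <= `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in attempts[start:end + 1]:
                per_user[user] += 1
            is_spray = (len(per_user) >= min_accounts
                        and max(per_user.values()) <= max_per_account)
            # Keep the widest matching window for this source.
            if is_spray and (best is None
                             or len(per_user) > best["distinct_accounts"]):
                best = {
                    "source": ip,
                    "window_start": attempts[start][0],
                    "window_end": attempts[end][0],
                    "distinct_accounts": len(per_user),
                    # Accounts that later succeeded from the spraying source are
                    # the first thing to reset and investigate.
                    "successes": sorted(successes[ip]),
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG):
        print(f"{alert['source']}: {alert['distinct_accounts']} accounts sprayed "
              f"between {alert['window_start']} and {alert['window_end']}; "
              f"successful sign-ins: {alert['successes'] or 'none'}")
```

The brute-force source is deliberately not flagged: its failures all land on one account, which lockout thresholds already handle, whereas the spray stays below those thresholds and only becomes visible when failures are grouped by source rather than by account. Thresholds such as `min_accounts` and the window length are assumptions to be tuned against a tenant’s normal sign-in volume.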


Attacks by a group sponsored by the Chinese regime

Last May, Microsoft stated that hackers sponsored by the Chinese regime have been attacking critical US infrastructure and could be laying the technical groundwork to disrupt vital communications between the United States and Asia during future crises.

The targets included facilities in Guam, where the United States has a significant military presence, the company said.

Hostile activity in cyberspace—from espionage to pre-planting malware for potential future attacks—has become a hallmark of modern geopolitical rivalry.

Microsoft said in a blog post that the Chinese state-backed hacker group, which it refers to as Volt Typhoon, has been operating since mid-2021. It added that the organizations affected by the hacks—which seek persistent access—include the telecommunications, manufacturing, public services, transportation, construction, maritime, information technology and education sectors.

The company also noted that Volt Typhoon has been active since mid-2021. “Microsoft estimates, with moderate confidence, that this Volt Typhoon campaign pursues the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises,” it pointed out.

“The observed behavior suggests that the threatening actor intended to spy and maintain access undetected for as long as possible,” the company concluded.