Peach Sandstorm is an Iranian nation-state group known to target organizations in multiple countries. As with any observed nation state actor activity, Microsoft directly notifies customers that have been targeted or compromised by Peach Sandstorm and provides them with the information they need to secure their accounts. Given the volume of activity, ongoing attempts to access targets of interest, and risks associated with post-compromise activity, Microsoft is reporting on this campaign to raise awareness of recent Peach Sandstorm tradecraft and empower organizations to harden their attack surfaces and defend against this activity. In a small number of intrusions, Peach Sandstorm was observed exfiltrating data from the compromised environment. In cases where Peach Sandstorm successfully authenticated to an account, Microsoft observed the group using a combination of publicly available and custom tools for discovery, persistence, and lateral movement. Based upon the profile of victim organizations targeted and the observed follow-on intrusion activity, Microsoft assesses that this initial access campaign is likely used to facilitate intelligence collection in support of Iranian state interests. Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, defense, and pharmaceutical sectors around the globe. Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as Peach Sandstorm (HOLMIUM).
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |