Iranian Hackers Target Defense, Satellite, and Pharmaceutical Firms in Breach Attacks

Iranian-backed threat group APT33, also known as Peach Sandstorm, has been conducting password spray attacks since February 2023, targeting thousands of organizations worldwide, including those in the defense, satellite, and pharmaceutical sectors. The group has been active since 2013 and has shown interest in various industry verticals. Microsoft's Threat Intelligence team has observed the hackers using sophisticated tactics, such as exploiting unpatched appliances and using compromised Azure credentials. The attacks are believed to be aimed at facilitating intelligence collection in support of Iranian state interests. Password spray attacks have become increasingly popular, accounting for a significant number of enterprise account compromises.