{"id":5053,"date":"2024-08-28T10:00:00","date_gmt":"2024-08-28T15:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81550"},"modified":"2024-08-28T10:00:00","modified_gmt":"2024-08-28T15:00:00","slug":"iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/28\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says\/","title":{"rendered":"Iranian hackers \u2018tickle\u2019 targets in US, UAE with custom tool, Microsoft says"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Iranian hackers \u2018tickle\u2019 targets in US, UAE with custom tool, Microsoft says | CyberScoop<\/title> <meta name=\"description\" content=\"Peach Sandstorm is said to have focused on the oil and gas, satellite, government and communications sectors.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Iranian hackers \u2018tickle\u2019 targets in US, UAE with custom tool, Microsoft says\"> <meta property=\"og:description\" content=\"Peach Sandstorm is said to have focused on the oil and gas, satellite, government and communications sectors.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" 
content=\"2024-08-28T15:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-08-28T12:59:27+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1143\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1721926675g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1724181137g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1724269863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81550\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81550\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Firanian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Firanian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81550 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> 
<\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards!&nbsp;<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.529010238908\">\n<div class=\"single-article__header-content\" readability=\"31.831896551724\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> Peach Sandstorm is said to have focused on the oil and gas, satellite, government and communications sectors. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"381\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says.jpg?resize=640%2C381&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=300,179 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=768,457 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=1024,610 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=1536,914 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=600,357 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=282,168 282w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=566,337 566w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=1134,675 1134w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-2.jpg?resize=1416,843 1416w\" sizes=\"(max-width: 1134px) 100vw, 1134px\"><figcaption> Niger River, Segou, Segou, Mali; Sascha Grabow, Getty Images <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"22.202529182879\"><body readability=\"47.051917680075\"><\/p>\n<p>Iranian government-connected hackers are deploying custom malware to compromise targets in the satellite, oil and gas, communications and government sectors in the United States and United Arab Emirates, <a href=\"https:\/\/aka.ms\/peach-sandstorm-tickler\">according to research Microsoft published<\/a> on Wednesday.<\/p>\n<p>It\u2019s the latest evidence of ever-expanding Iranian aggression in cyberspace, coming shortly after revelations about how hackers from the country have <a href=\"https:\/\/cyberscoop.com\/iran-trump-campaign-hack-odni-statement\/\">targeted both parties<\/a> in the 2024 U.S. presidential race.<\/p>\n<p>The group that\u2019s at the center of Wednesday\u2019s report \u2014 which Microsoft calls Peach Sandstorm but is also known as APT33 and Refined Kitten, among&nbsp; other monikers \u2014 very recently deployed the custom backdoor malware dubbed Tickler. Microsoft observed Tickler activity from April to July. It relies on infrastructure from Microsoft\u2019s own Azure cloud computing platform, using fraudulent, attacker-controlled subscriptions.<\/p>\n<p>\u201cMicrosoft assesses that Peach Sandstorm operates on behalf of the Iranian Islamic Revolutionary Guard Corps (IRGC) based on the group\u2019s victimology and operational focus,\u201d the company said in its report. 
\u201cMicrosoft further assesses that Peach Sandstorm\u2019s operations are designed to facilitate intelligence collection in support of Iranian state interests.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Tickler attacks follow recent password spray attacks, which seek to use common passwords to compromise a wide array of accounts. Peach Sandstorm <a href=\"https:\/\/cyberscoop.com\/iran-peach-sandstorm-apt33\/\">has a history<\/a> of using that method to penetrate targets, and Microsoft saw such attacks as recently as April and May. Microsoft said the group targeted the defense, space, education, and government sectors in the United States and Australia.<\/p>\n<p>The attacks appear to have had some success. \u201cIn the past year, Peach Sandstorm has successfully compromised several organizations, primarily in the aforementioned sectors using bespoke tooling,\u201d the report states.<\/p>\n<p>Government agencies and industry have been devoting more attention to the space sector, although <a href=\"https:\/\/cyberscoop.com\/space-critical-infrastructure\/\">some think<\/a> they should be taking other steps to protect it.<\/p>\n<p>The Iranian government routinely denies any connection to overseas hacking operations.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says-1.jpg?w=640&#038;ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is 
senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he&#8217;s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div 
class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/iranian-hackers-tickle-targets-in-us-uae-with-custom-tool-microsoft-says\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iranian hackers \u2018tickle\u2019 targets in US, UAE with custom tool,<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2523,1412,2524,302,117,513,625,2198,1578,2525,2526,539,260,288,2293],"tags":[2527,1418,2528,306,119,517,630,2210,1581,2529,2530,542,266,294,2302],"class_list":["post-5053","post","type-post","status-publish","format-standard","hentry","category-apt33","category-election-2024","category-gas","category-geopolitics","category-government","category-iran","category-microsoft","category-microsoft-azure","category-oil","category-peach-sandstorm","category-refined-kitten","category-satellite","category-space","category-threats","category-united-arab-emirates-uae","tag-apt33","tag-election-2024","tag-gas","tag-geopolitics","tag-government","tag-iran","tag-microsoft","tag-microsoft-azure","tag-oil","tag-peach-sandstorm","tag-refined-kitten","tag-satellite","tag-space","tag-threats","tag-united-arab-emirates-uae"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_in
fo":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt33\/\" rel=\"category tag\">APT33<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/election-2024\/\" rel=\"category tag\">Election 2024<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gas\/\" rel=\"category tag\">gas<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-azure\/\" rel=\"category tag\">Microsoft Azure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/oil\/\" rel=\"category tag\">oil<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/peach-sandstorm\/\" rel=\"category tag\">Peach Sandstorm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/refined-kitten\/\" rel=\"category tag\">Refined Kitten<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/satellite\/\" rel=\"category tag\">satellite<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/space\/\" rel=\"category tag\">space<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-arab-emirates-uae\/\" rel=\"category tag\">United Arab Emirates (UAE)<\/a>","tag_info":"United Arab Emirates 
(UAE)","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5053"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5053\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}