top of page
  • Clipeus

APT33 Targets Defense Contractors

On 21 December 2023, Microsoft Threat Intelligence team published an X post which attributes a novel backdoor dubbed "FalseFont" to APT33 (a.k.a. "Refined Kitten," "Peach Sandstorm").

Microsoft X Post, 21 December 2023

Microsoft-provided intelligence indicates FalseFont is being actively used in an Iranian state-sponsored global espionage operation which targets defense contractors globally. The backdoor was first observed as early as November 2023.

Earlier this year, Microsoft reported a vast Iran-backed campaign targeting satellite, defense, and pharmaceutical sectors via password spraying attacks.


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page