Cyber Threat Report: "Curious Serpens' FalseFont Backdoor: Technical Analysis, Detection and Prevention"
Report Author | Palo Alto Unit 42 |
---|---|
Publication Date | 2024-03-21 |
Original Reporting | Source |
Attributed to Nation | Iran |
Related Intrusion Sets | Peach Sandstorm, Refined Kitten, APT33, Curious Serpens |
Victim Sectors | Aerospace, Defense |
This article by researchers at Unit 42 discusses the FalseFont backdoor used by Curious Serpens, an Iranian-affiliated espionage group targeting the aerospace and energy sectors. Curious Serpens, also known as Peach Sandstorm, APT33 and REFINED KITTEN, has been active since at least 2013, focusing on espionage in various regions. The post provides a technical analysis of FalseFont, detailing its capabilities, which include credential theft, file upload/download and screen capture.