Home Microsoft exposes Iranian hackers using ‘Tickler’ malware against US and UAE defense targets

Microsoft exposes Iranian hackers using ‘Tickler’ malware against US and UAE defense targets

TLDR

  • Microsoft reports Iranian hackers targeting sectors in the US and UAE with custom malware.
  • The threat actor, linked to the IRGC, uses Microsoft Azure for espionage activities.
  • LinkedIn was also used for intelligence gathering, leading to account takedowns.

Microsoft has revealed that Iranian government-connected hackers are deploying custom malware to compromise targets operating in the satellite, communications equipment, oil and gas, and government sectors in the US and UAE.

In a  statement released on Wednesday (August 28), the tech giant said that the threat actor Peach Sandstorm had deployed a new custom multi-stage backdoor, which the firm dubbed “Tickler.”

Between April and July 2024, it used Microsoft’s own Azure cloud computing platform to deploy fraudulent, attacker-controlled subscriptions. This included using Microsoft Outlook email accounts and creating Azure for Students subscriptions.

“Microsoft assesses that Peach Sandstorm operates on behalf of the Iranian Islamic Revolutionary Guard Corps (IRGC) based on the group’s victimology and operational focus,” the report stated.

“Microsoft further assesses that Peach Sandstorm’s operations are designed to facilitate intelligence collection in support of Iranian state interests.”

A Microsoft spokesperson told ReadWrite that the latest report, “builds on research shared in September about the Peach Sandstorm’s password-spray espionage campaign – demonstrating a diversification of tactics.”

Password spray attacks

However, since at least February 2023, the company said it found Peach Sandstorm carrying out password spray activity against thousands of organizations. In password spray attacks, threat actors attempt to authenticate to many different accounts using a single password or a list of commonly used passwords.

From April to May this year, hackers reportedly used password spray attacks against organizations in the defense, space, education, and government sectors in the US and Australia.

Microsoft admitted that Peach Sandstorm had “successfully compromised several organizations, primarily in the aforementioned sectors, using bespoke tooling” in the past year.

LinkedIn vulnerabilities

The professional social networking platform LinkedIn, which is owned by Microsoft, was also targeted. From at least November 2021 to mid-2024, hackers reportedly conducted intelligence gathering through the site, researching organizations and individuals employed in the same industries. The company said the identified LinkedIn accounts were subsequently taken down.

In February, Microsoft and OpenAI stated that threat actors from North Korea, China, Iran, and Russia had used ChatGPT to trick users on LinkedIn into providing sensitive information and data.

UPDATED: Microsoft spokesperson’s response to ReadWrite has been added.

Featured image: Ideogram

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Suswati Basu
Tech journalist

Suswati Basu is a multilingual, award-winning editor and the founder of the intersectional literature channel, How To Be Books. She was shortlisted for the Guardian Mary Stott Prize and longlisted for the Guardian International Development Journalism Award. With 18 years of experience in the media industry, Suswati has held significant roles such as head of audience and deputy editor for NationalWorld news, digital editor for Channel 4 News and ITV News. She has also contributed to the Guardian and received training at the BBC As an audience, trends, and SEO specialist, she has participated in panel events alongside Google. Her…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.