Iranian APT Peach Sandstorm teases new Tickler malware | Computer Weekly
Briefly

"Microsoft observed new tactics, techniques and procedures (TTPs) following initial access via password spray attacks or social engineering," wrote the Microsoft research team.
"Between April and July 2024, Peach Sandstorm deployed a new custom multi-stage backdoor, Tickler, and leveraged Azure infrastructure hosted in fraudulent, attacker-controlled Azure subscriptions for command and control (C2)."
"Microsoft continuously monitors Azure, along with all Microsoft products and services, to ensure compliance with our terms of service," they said.
"Tickler appears to be being used by an Iran-backed advanced persistent threat (APT) actor, which Microsoft Threat Intelligence has dubbed Peach Sandstorm (aka APT33)."
Read at ComputerWeekly.com