Microsoft has reported a significant cyber espionage campaign orchestrated by the Iranian group known as Peach Sandstorm, which targeted thousands of organizations in the satellite, defense, and pharmaceutical sectors. The group utilized high-volume password spray attacks and exploited known vulnerabilities in specific software products, showcasing an evolution towards more sophisticated techniques. 

An Iranian cyber espionage group, tracked by Microsoft as Peach Sandstorm, has compromised dozens of entities. The group targeted organizations in the satellite, defense, and pharmaceutical sectors, extracting data from some. The campaign utilized high-volume password spray attacks, initiating in February. The extent of the operation, involving thousands of organizations, was detailed in a recent (15 SEP 2023) Microsoft report.


The Peach Sandstorm group has a history linked to significant cyber-attacks, including the notorious Shamoon malware attacks on Saudi Aramco in 2012. While the recent targets’ geographical locations remain undisclosed, past activities surged amidst heightened U.S.-Iran tensions.


The group, also known as Holmium, APT33, or Elfin, has evidently evolved, showcasing more sophisticated techniques in their recent endeavors. The disclosure of this hacking activity coincides with emerging U.S.-Iran negotiations. The deal under discussion involves a $6 billion transfer of frozen Iranian oil funds and a prisoner exchange between the two nations. The recent cyber espionage revelation, however, might cast a shadow on the delicate diplomatic proceedings, adding a layer of complexity and mistrust in the ongoing dialogues.


The hacking campaign, active from February to July this year, displayed an increased capability with stealthier methods post initial access through noisy password spray attacks. The operations predominantly occurred between 9 a.m. and 5 p.m. Iran Standard Time, exploiting vulnerabilities in Zoho ManageEngine products and the Confluence Server and Data Center. Microsoft emphasizes the concerning nature of the evolving tactics of Peach Sandstorm, urging for heightened vigilance.

Leave a Reply

Your email address will not be published. Required fields are marked *