Protecting MSPs and Mid-Market Companies from ‘FalseFont' Backdoor Attacks


A new backdoor named "FalseFont" has been discovered, attributed to the Iranian hacking group Peach Sandstorm. This backdoor poses a significant threat to Managed Service Providers (MSPs) and mid-market companies, particularly those with limited cybersecurity measures. Peach Sandstorm is a global threat actor known for sophisticated cyberattacks since 2013, targeting sectors like defense, aerospace, and energy.

The report suggests that MSPs and mid-market organizations are at high risk due to limited cybersecurity resources. Compromising an MSP is strategic for hackers as it provides access to multiple networks. Effective measures to protect against FalseFont include implementing a layered security approach involving network security solutions, endpoint security tools, multi-factor authentication, brute force attack protection, security awareness training, and an incident response plan. These measures aim to enhance overall defense against sophisticated cyber threats.

Security Officer Comments:
FalseFont is a custom-built backdoor developed in 2023, capable of remotely controlling Windows systems, stealing data, downloading and executing files, or disrupting operations. The backdoor can infiltrate systems through spear-phishing emails, supply chain attacks, or zero-day exploits.

Suggested Corrections:
Companies may want to consider implementing an array of preventative measures to thwart attacks like these, including network and endpoint security, MFA, and security awareness training.