On 21 December 2023, the Microsoft Threat Intelligence team published an X post attributing a novel backdoor dubbed "FalseFont" to APT33 (a.k.a. "Refined Kitten," "Peach Sandstorm").
Intelligence provided by Microsoft indicates that FalseFont is being actively used in an Iranian state-sponsored espionage operation targeting defense contractors globally. The backdoor was first observed as early as November 2023.
Earlier this year, Microsoft reported a vast Iran-backed campaign targeting satellite, defense, and pharmaceutical sectors via password spraying attacks.