![](https://static.wixstatic.com/media/34c96e_b04b08bdc2a54a19b9a57506c68787bc~mv2.jpg/v1/fill/w_147,h_147,al_c,q_80,usm_0.66_1.00_0.01,blur_2,enc_auto/34c96e_b04b08bdc2a54a19b9a57506c68787bc~mv2.jpg)
On 21 December 2023, Microsoft Threat Intelligence team published an X post which attributes a novel backdoor dubbed "FalseFont" to APT33 (a.k.a. "Refined Kitten," "Peach Sandstorm").
![](https://static.wixstatic.com/media/34c96e_79abca925459485ca27a2b9de877fdfd~mv2.png/v1/fill/w_74,h_25,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_auto/34c96e_79abca925459485ca27a2b9de877fdfd~mv2.png)
Microsoft-provided intelligence indicates FalseFont is being actively used in an Iranian state-sponsored global espionage operation which targets defense contractors globally. The backdoor was first observed as early as November 2023.
Earlier this year, Microsoft reported a vast Iran-backed campaign targeting satellite, defense, and pharmaceutical sectors via password spraying attacks.