A warning has been issued by Microsoft threat researchers regarding a new backdoor malware called Tickler that is being used against targets in various sectors in the United States and United Arab Emirates. The malware is believed to be linked to an Iran-backed group known as Peach Sandstorm. Microsoft has identified new tactics used by Peach Sandstorm, including deploying Tickler to gain access to networks.
Tickler is a multi-stage backdoor malware that helps Peach Sandstorm gain a foothold in target networks. It collects network information and downloads payloads from a command and control server. The group has compromised several organizations using Tickler for various purposes.
Microsoft has provided steps for at-risk organizations to defend against attacks by Peach Sandstorm, including resetting credentials, enabling multi-factor authentication, and implementing best practices for Azure security.
For more information and guidance, visit Microsoft’s website.