Cybersecurity

Iranian-Backed ATP33 Hacking Activities Reach Space

  • Reading time: 3 min
APT33 hackers, are a hacking group conducting extensive espionage operations against the space industry using a new backdoor.

APT33 hackers, also known as Peach Sandworm, are a hacking group conducting extensive espionage operations against the space industry using a new backdoor.

Surfacing claims say that the APT33 group, allegedly backed by Iran, is specifically targeting organizations and individuals of interest in the geopolitical and economic sector.

APT33 hackers are known for their advanced techniques, using sophisticated hacking tools to target their subjects.

With over a decade of activity, APT33 is experienced in strategic yet technically simple attacks like “password spraying.” Recently, the group developed more advanced hacking approaches, including destructive malware designed to disrupt industrial control systems.

On Wednesday, Microsoft reported that APT33 had developed custom malware, which the tech giant named “Tickler,” allowing them to establish remote access into victim networks. According to Microsoft, Tickler has been used in attacks against targets in the satellite, federal, and state government sectors in both the UAE and US.

“The Tickler malware isn’t necessarily a big step up in tactics, techniques, and procedures for this threat actor, but it does represent a clear and active development focus on taking action on objectives,” Microsoft’s director of threat intelligence, Sherrod DeGrippo told WIRED in a statement.

APT33 Hacker’s Tickler Malware

In its blog post, Microsoft highlighted that “Peach Sandstorm has been observed to use password spray attacks to gain access to targets of interest with a high level of success. The threat actor has also conducted intelligence gathering via LinkedIn, researching organizations and individuals employed in the higher education, satellite, and defense sectors.”

Microsoft researchers also found that the APT33 group used Tickler malware to manipulate Azure cloud infrastructures, gaining full access to targeted systems by exploiting their own Azure subscription.

Microsoft immediately informed affected users about the breach.

Since the beginning of 2023, researchers observed a rise in APT33 hackers’ “password spray activity against thousands of organizations.” In May 2024, the group intensified its focus on space, defense, and governmental agencies.

In the latest updates, Microsoft’s De Grippo highlighted that “this is not the first time Peach Sandstorm has shown interest in satellite-related targeting. This threat actor had [previously] pursued organizations in the satellite, defense, and pharmaceutical sectors around the globe.”

Cyberattacks on Space Satellites

In recent years, attacks attributed to APT33 have had some success, and this is not the first time where Iran has been accused of cyberattacks on space satellites, despite the Iranian government’s denial of any involvement.

Space-related infrastructure and systems are becoming prime targets for cyberattacks for several reasons.

Space assets are critical to national security and communications, making them valuable targets for attackers seeking sensitive data or to have control over important systems to gain power over rival countries.

In the Middle East, we witness this quite evidently, with Israel breaking telecom operator network of neighboring countries, especially Lebanon. In a region, constantly battling with wars and efforts of foreign occupations and network infiltrations, the unstable state of the region has further ignited cyberattacks.

Especially that cyberattacks are increasing in Middle Eastern countries due to the unstable geopolitical situation, space organization are getting targeted because they hold a lot of critical information that will provide some systems with secret information.

Final Thoughts

The Peach sandworm hacking group highlights a serious threat to space and other sectors. Their techniques are well developed and accurate. Despite the technological advancements they have, yet the advanced malware showcases vulnerability in these  important systems, which poses a serious question on the future of these systems.

Such systems hold critical data and information about national security, communications and maybe military operations, any breach in the system will immediately lead to a breach in their privacy.

Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Intelligent Tech sections to stay informed and up-to-date with our daily articles.

Tags: