New CTI Labs: Threat Actor - Peach Sandstorm and Tickler Malware
Today we have released two brand new labs related to the Threat Actor Peach Sandstorm and the newly discovered Tickler Malware!
Peach Sandstorm is a suspected Iranian state-sponsored threat actor that primarily targets organizations in the satellite, communications equipment, oil and gas, and federal and state government sectors in the United States and the United Arab Emirates.
Why have we created this content?
Microsoft recently reported that this threat actor is evolving its tradecraft and using a new multi-stage backdoor called Tickler. The threat actor also uses password spraying to obtain credentials for Azure services, both to persist and to repurpose those services as command-and-control infrastructure. Targets of interest include the United States, Western Europe, and the United Arab Emirates.
What are we publishing?
All customers on a CyberPro License have immediate access to these new labs.
Who is this content for?
These labs are focused on upskilling and increasing the defensive capabilities of the following roles:
- SOC Analysts
- Incident Responders
- Cyber Threat Intelligence Analysts
- Threat Hunters
- Malware Analysts