Microsoft Threat Intelligence Podcast

Peach Sandstorm

Oct 11, 2023

41:59

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Threat Intelligence Analyst Simeon Kakpovi, Intelligence Analyst Lauren Podber, and Senior Hunt Analyst Emiel Haeghebaert. In this episode, Sherrod and guests explore the evolving nature of the Iranian APT group known as "Peach Sandstorm." They discuss how they mature over time while providing valuable insights into APT actors and their evolving strategies. They discuss techniques such as password spraying and the next steps attackers take to establish persistence within the victim's environment. Sherrod also highlights Iran's unique approach to cyber operations, where they exhibit creativity and perseverance in achieving their objectives, even when they may only sometimes be the most technically sophisticated group among nation-state actors.

In this episode you’ll learn:

The contrast between APT actors and cybercriminals
How organizations can protect themselves against password spray attacks
The importance for defenders to understand the motivations and tactics of APT actors

Some questions we ask:

What is the difference between a brute force attack and a password spray attack?
How does Iran's cyber capabilities compare to those of other countries?
What are some key differences between Iran and APT actors like Russia and China?

Resources:

How Microsoft Names Threat Actors

Peach Sandstorm

View Simeon Kakpovi on LinkedIn

View Lauren Podber on LinkedIn

View Emiel Haeghebaert on LinkedIn

View Sherrod DeGrippo on LinkedIn

Peach Sandstorm

Ingredients:

- 1 ripe peach, peeled and pitted

- 1 1/2 oz Arak (a traditional Middle Eastern aniseed-flavored spirit)

- 1 oz fresh lemon juice