BleepingComputer reports that attacks with the novel Tickler malware have been launched by Iranian nation-state hacking group APT33, also known as Peach Sandstorm and Refined Kitten, against oil and gas, government, defense, and satellite organizations across the U.S. and United Arab Emirates as part of intelligence operations from April to July.

APT33 leveraged now-disrupted Microsoft Azure subscriptions to commence password spraying attacks against the targeted entities, while using compromised education sector accounts to obtain additional infrastructure that was then utilized for succeeding malware intrusions against the government, space, and defense industries, an analysis from Microsoft revealed. Such a development comes months after a similar technique had been employed by APT33 to compromise defense contractors around the world with the FalseFont malware. APT33 had also been reported by Microsoft to have breached defense, pharmaceutical, and satellite industry organizations following password spray intrusions against thousands of organizations around the world since February 2023.