{"id":53687,"date":"2023-09-15T16:15:03","date_gmt":"2023-09-15T16:15:03","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs"},"modified":"2023-09-15T16:15:03","modified_gmt":"2023-09-15T16:15:03","slug":"microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\/","title":{"rendered":"Microsoft: &#8216;Peach Sandstorm&#8217; Cyberattacks Target Defense, Pharmaceutical Orgs"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb91a4462a2638189\/65047b284c31852c8a4d1384\/peaches-Piotr_Malczyk-Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A global cyber-espionage campaign conducted by the Iranian nation-state actor known as Peach Sandstorm (aka Holmium) has successfully plucked targets in the satellite, defense, and pharmaceutical sectors, Microsoft is warning.&nbsp;<\/p>\n<p>The cyber offensive has been active since February, according to a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/09\/14\/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets\/\" target=\"_blank\" rel=\"noopener\">blog post from Microsoft Threat Intelligence<\/a>, which concluded that the campaign used masses of&nbsp;password spray attacks between February and July to authenticate to thousands of environments and exfiltrate data, all in support of&nbsp;Iranian state interests.<\/p>\n<p>The password spray method of attack is a type of brute-force method used by hackers to gain unauthorized access to user accounts and systems. 
Password spraying involves trying common passwords across many accounts rather than many passwords against a single account, which reduces the risk of account lockouts.<\/p>\n<h2 class=\"regular-text\">A Stealthy Cyber-Espionage Campaign From Iran<\/h2>\n<p>Once a target was compromised, the advanced persistent threat (APT) employed a combination of publicly available and custom tools for activities including reconnaissance, persistence, and lateral movement.<\/p>\n<p>&#8220;Many of the cloud-based tactics, techniques, and procedures (TTPs) seen in these most recent campaigns are materially more sophisticated than capabilities used by Peach Sandstorm in the past,&#8221; the report explained.<\/p>\n<p>The attackers operated from Tor IPs with a &#8220;go-http-client&#8221; user agent, conducted reconnaissance using tools such as AzureHound and Roadtools, and exploited Azure resources for persistence.<\/p>\n<p>&#8220;In later stages of known compromises, the threat actor used different combinations from a set of known TTPs to drop additional tools, move laterally, and ultimately exfiltrate data from a target,&#8221; the report continued.<\/p>\n<p>An additional attack method took the form of remote exploitation of vulnerable applications, whereby Peach Sandstorm attempted to exploit known remote code execution (RCE) vulnerabilities in <a href=\"https:\/\/www.darkreading.com\/application-security\/unpatched-zoho-mangeengine-products-under-active-attack\" target=\"_blank\" rel=\"noopener\">Zoho ManageEngine (CVE-2022-47966)<\/a> and <a href=\"https:\/\/www.darkreading.com\/cloud\/patch-now-atlassian-confluence-bug-active-exploit\" target=\"_blank\" rel=\"noopener\">Atlassian Confluence (CVE-2022-26134)<\/a> to gain initial access. 
Both bugs are <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/atlassian-confluence-exploits-peak-100k-daily\" target=\"_blank\" rel=\"noopener\">popular with APTs of all stripes<\/a>.<\/p>\n<p>In post-compromise activity, Peach Sandstorm used a variety of tactics, such as deploying AnyDesk for remote monitoring and management, conducting <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/solarwinds-campaign-focuses-attention-on-golden-saml-attack-vector\" target=\"_blank\" rel=\"noopener\">Golden SAML attacks<\/a> to bypass authentication, hijacking DLL search orders, and using custom tools such as EagleRelay for tunneling traffic.<\/p>\n<p>The report added that the campaign is particularly concerning because Peach Sandstorm leveraged legitimate credentials validated through the password spray attacks to stealthily create new Azure subscriptions within target environments and used Azure Arc to maintain control over compromised networks.<\/p>\n<h2 class=\"regular-text\">Resetting Passwords, Revoking Session Cookies in Defense<\/h2>\n<p>&#8220;As Peach Sandstorm increasingly develops and uses new capabilities, organizations must develop corresponding defenses to harden their attack surfaces and raise costs for these attacks,&#8221; the report noted.<\/p>\n<p>To defend against Peach Sandstorm&#8217;s activities, Microsoft advised organizations to reset passwords, revoke session cookies, and strengthen multifactor authentication (MFA).<\/p>\n<p>The company also recommended maintaining strong credential hygiene and monitoring for identity-based risks.<\/p>\n<p>Transitioning to passwordless authentication methods and securing endpoints with MFA can also mitigate risks, while safeguarding <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/efficient-magicweb-malware-subverts-ad-fs-authentication-microsoft\" target=\"_blank\" rel=\"noopener\">Active Directory FS servers<\/a> is crucial to protect against Golden SAML attacks.<\/p>\n<p>Roger 
Grimes, data-driven defense evangelist at KnowBe4, explains that password spray attacks don&#8217;t work when users use unique, strong passwords for every site and service, or multifactor authentication.<\/p>\n<p>But &#8220;most sites and services don&#8217;t accept MFA, at least not yet,&#8221; he adds. &#8220;That&#8217;s why every user should use a good password manager.&#8221;<\/p>\n<h2 class=\"regular-text\">Iranian Actors Are a Persistent Threat<\/h2>\n<p>Iranian threat actors are combining offensive network ops with messaging and amplification to manipulate targets&#8217; perceptions and behavior, according to the US Department of the Treasury&#8217;s Office of Foreign Assets Control (OFAC), which has moved to <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/us-sanctions-iran-apt-cyberattack-activity\" target=\"_blank\" rel=\"noopener\">sanction the Iranian government<\/a> for its cybercrime activities.<\/p>\n<p>Last week, US Cyber Command revealed that Iranian state-sponsored threat actors had <a href=\"https:\/\/www.darkreading.com\/dr-global\/iranian-apt-hits-us-aviation-org-via-manageengine-fortinet-bugs\" target=\"_blank\" rel=\"noopener\">exploited a US aeronautical organization<\/a>, again using the ManageEngine flaw.<\/p>\n<p>In June, it was discovered that the APT35 group (aka Charming Kitten) has <a href=\"https:\/\/www.darkreading.com\/dr-global\/iran-linked-apt35-israeli-media-upgraded-spear-phishing\" target=\"_blank\" rel=\"noopener\">added backdoor capabilities<\/a> to their spear-phishing payloads \u2014 and targeted an Israeli reporter with it.<\/p>\n<p>A recent attack by a threat group calling itself Holy Souls, in which the group accessed a database belonging to satirical French magazine Charlie Hebdo and threatened to dox more than 200,000 subscribers, was the work of Iranian state-actor Neptunium, Microsoft <a 
href=\"https:\/\/www.darkreading.com\/attacks-breaches\/iran-backed-actor-behind-cyberattack-charlie-hebdo-microsoft-says\" target=\"_blank\" rel=\"noopener\">announced in February<\/a>.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-53687","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft: &#039;Peach Sandstorm&#039; Cyberattacks Target Defense, Pharmaceutical Orgs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft: &#039;Peach Sandstorm&#039; Cyberattacks Target Defense, Pharmaceutical Orgs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-15T16:15:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb91a4462a2638189\/65047b284c31852c8a4d1384\/peaches-Piotr_Malczyk-Alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft: &#8216;Peach Sandstorm&#8217; Cyberattacks Target Defense, Pharmaceutical Orgs\",\"datePublished\":\"2023-09-15T16:15:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/\"},\"wordCount\":685,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltb91a4462a2638189\\\/65047b284c31852c8a4d1384\\\/peaches-Piotr_Malczyk-Alamy.jpg\",\"articleSection\":[\"DarkReading 
|TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/\",\"name\":\"Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltb91a4462a2638189\\\/65047b284c31852c8a4d1384\\\/peaches-Piotr_Malczyk-Alamy.jpg\",\"datePublished\":\"2023-09-15T16:15:03+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltb91a4462a2638189\\\/65047b284c31852c8a4d1384\\\/peaches-Piotr_Malczyk-Alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltb91a4462a2638189\\\/65047b284c31852c8a4d1384\\\/peaches-Piotr_Malczyk-Alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-peach-sandstorm-cyberattacks-target-defense-pharmaceutical-orgs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft: &#8216;Peach Sandstorm&#8217; Cyberattacks Target Defense, Pharmaceutical Orgs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat 
Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53687"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53687\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}