Iran-linked hackers have targeted US and Israeli defense companies, Microsoft said on Monday. The hackers, whom the company has been tracking since July and who have successfully compromised approximately twenty targets, are likely supporting Iranian national interests.
Iran-linked threat actors have been conducting extensive password spraying against more than 250 Office 365 tenants, focusing on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with a business presence in the Middle East. A handful of targets were successfully compromised.
The Microsoft Threat Intelligence Center (MSTIC) has temporarily named the Iran-linked activity cluster DEV-0343, which it started tracking in late July 2021.
“Less than 20 of the targeted tenants were successfully compromised, but DEV-0343 continues to evolve their techniques to refine its attacks. MSTIC noted that Office 365 accounts with multi-factor authentication (MFA) enabled are resilient against password sprays,” Microsoft detailed in its blog.
The company highlighted that this activity supports Iranian national interests, namely government tracking of adversary security services and maritime shipping in the Middle East to enhance its contingency plans.
“This activity likely supports the national interests of the Islamic Republic of Iran based on pattern-of-life analysis, extensive crossover in geographic and sectoral targeting with Iranian actors, and alignment of techniques and targets with another actor originating in Iran,” Microsoft said.
DEV-0343 has targeted defense companies that support United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems. Further activity has targeted customers in geographic information systems (GIS), spatial analytics, regional ports of entry in the Persian Gulf, and several maritime and cargo transportation companies with a business focus in the Middle East.
“Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program. Given Iran’s past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors, and we encourage our customers in these industries and geographic regions to review the information shared in this blog to defend themselves from this threat,” Microsoft said.