October 12, 2021
Hackers linked to Iran tried to break into 250 Microsoft Office 365 accounts belonging to Israeli and American security companies using a hacking technique known as “password spraying,” the tech giant said Monday.
Microsoft did not elaborate on which companies were attacked.
Password spraying is a traditional brute force attack in which the hackers try to obtain access to as many accounts as possible by trying common passwords – each time from a different IP address. This allows them to evade some of the automatic defenses for protecting passwords and accounts. The goal is to find an account to enter the organization – and use it to continue on from the inside.
The Microsoft Threat Intelligence Center first observed and began tracking these efforts in late July 2021, and named the activity cluster DEV-O343.
Microsoft said the targets of the attacks were defense companies that support United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems.
Further activity has targeted customers in geographic information systems (GIS), spatial analytics, regional ports of entry in the Persian Gulf, and several maritime and cargo transportation companies with a business focus in the Middle East.
Microsoft said these attacks were identical to others conducted by hackers linked to Iran, alongside other signs that showed they acted under Iranian auspices.
“Less than 20 of the targeted tenants were successfully compromised, but DEV-0343 continues to evolve their techniques to refine its attacks,” Microsoft wrote in its blog post on the subject.
Microsoft said it has “directly notified customers that have been targeted or compromised, providing them with the information they need to secure their accounts.”
Israel is the seventh most-targeted country in the world for cyber-attacks, and last year the number of such attacks by Iran against Israel quadrupled, said a report from Microsoft released just a few days ago.