Microsoft warned on Monday that a group of Iranian or pro-Iranian hackers it has been tracking has been trying to breach numerous Microsoft Office 365 accounts through password-guessing attacks targeting and at times compromising systems of US and Israeli defense technology companies.
Follow Israel Hayom on Facebook and Twitter
In a blog post, Microsoft's Threat Intelligence Center and Digital Security Unit assessed that a new cyber "activity cluster" linked to Iran had targeted hundreds of Microsoft Office 365 accounts beginning in July tied to groups including US and Israeli defense companies, Persian Gulf entry ports, and global maritime transportation companies.
The hackers have been targeting US, EU, and Israeli defense companies that produce "military-grade radars, drone technology, satellite systems and emergency response communication systems," the company wrote, according to PCMag.
Microsoft said the hacking group has been using these "password-spraying" attacks on 250 Office 365 "tenants." These tenants encompass an entire organization's resources, including employee user accounts, under a Microsoft cloud service.
Password-spraying attacks involve learning a user's email address and then attempting numerous passwords over several hours or days to try and break in.
"Less than 20 of the targeted tenants were successfully compromised," Microsoft added.
The company has dubbed the hacking group DEV-0343. Other targets have included Persian Gulf ports of entry and global maritime transportation companies in the Middle East.
"Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans," the company said. "Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program."
To stop the attacks, Microsoft encouraged its clients to enable multi-factor authentication on their accounts. This requires anyone logging on to type in both the correct password, and provide another mode of authentication, usually a one-time passcode generated over the account owner's smartphone.
The blog post by Microsoft's Threat Intelligence Center and Digital Security Unit was published less than a week after the tech giant released its annual Digital Defense Report, in which the company detailed efforts by Iran to use destructive attacks, mainly against Israel, amid mounting regional tensions.
"This year marked a near quadrupling in the targeting of Israeli entities, a result exclusively of Iranian actors, who focused on Israel as tensions sharply escalated between the adversaries," the report stated.
Subscribe to Israel Hayom's daily newsletter and never miss our top stories!
