Microsoft publicly reveals series of coordinated cyberattacks on U.S., Israel originating from Iran

There is little question that the Islamic Republic of Iran is a chief enemy and rival of the United States and its closest ally in the Middle East, Israel, which the theocratic regime in Tehran has vowed to wipe off the face of the earth.

It should come as no surprise then that Microsoft recently revealed its tracking of Iranian hackers who’d targeted hundreds of Microsoft Office 365 accounts belonging to U.S. and Israeli defense tech firms as well as entities involved in maritime shipping and ports of entry in and around the Persian Gulf, Breitbart reported.

The hackers were said to have used a technique known as “password spraying,” which involves repeated attempts to gain access to a particular account by hitting it with a variety of different common passwords, often with each attempt appearing to originate from a different proxy IP address to mask the connections and true origins of the cyberattack.

Cyberattacks exposed

In a blog post on Monday, Microsoft publicly revealed an “activity cluster” linked to Iran that had been dubbed “DEV-0343” by the Microsoft Threat Intelligence Center (MSTIC) after first being identified in July.

“MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East,” the blog stated. It also noted that fewer than 20 of the targeted “tenants” were actually compromised by the hacks.

Targeted in the attacks were “defense companies that support United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems,” among others.

“This activity likely supports the national interests of the Islamic Republic of Iran based on pattern-of-life analysis, extensive crossover in geographic and sectoral targeting with Iranian actors, and alignment of techniques and targets with another actor originating in Iran,” the post added.

The post went on to provide more technically detailed explanations of what had been observed and what could be done to defend against such attacks in the future.

Iran a top threat

The blog post disclosing the Iranian hack attacks on certain Microsoft Office 365 users came just a few days after Microsoft had released its Digital Defense Report for 2021.

Notably, while that report revealed that a majority (58%) of nation-state cyberattacks had originated from Russia, Iran was listed along with North Korea and China as being responsible for the next highest volume of such attacks.

More specifically with regard to Iran, the report further revealed that Iranian attacks targeting Israel had quadrupled since the prior year’s report.

Thankfully, it would appear that the Iranian cyberattacks don’t have a particularly stellar rate of success, and hopefully now that the attacks have been revealed and defense mechanisms recommended, any continued cyberattacks from Iran will prove even more fruitless and unsuccessful.
