Microsoft says hackers linked to Iran targeted U.S. and Israeli defense companies
Microsoft says a recent attack on maritime and defense companies "likely supports the national interests of the Islamic Republic of Iran."
What you need to know
- Microsoft discovered threat actors targeting U.S. and Israeli defense technology companies and global maritime transportation companies.
- The attack utilized password spraying against more than 250 Office 365 tenants.
- Microsoft claims that the activity "likely supports the national interests of the Islamic Republic of Iran."
Microsoft released its Digital Defense Report last week. That report focused largely on activities from China, Russia, North Korea, Iran, and other countries. This week, Microsoft issued an advisory on malicious activity that it believes "likely supports the national interests of the Islamic Republic of Iran."
Threat actors focused their efforts on U.S. and Israeli defense technology companies and global maritime transportation companies, according to Microsoft. Attackers utilized password spraying against more than 250 Office 365 tenants. Fewer than 20 of the targeted tenants were compromised by the attack.
Microsoft did not directly implicate the Iranian government in its report. Instead, it stated that the activity likely supports the interests of Iran:
Microsoft first observed the activity and started tracking it in July 2021. Microsoft believes this attack increases the risk to companies in the maritime and shipping sectors. The company points to Iran's past cyber and military attacks against these types of organizations. It adds that "gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program."
A set of recommended defenses is listed in Microsoft's blog post, including enabling multifactor authentication and moving to passwordless solutions, such as Microsoft Authenticator.
John Lambert, head of Microsoft Threat Intelligence Center, told CNN that the goal of releasing the information is to help organizations prepare for follow-up attacks. Lambert explained that threat actors could use information stolen in previous attacks to break into networks.
Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.