Iran-Linked Hackers Target Microsoft 365 Accounts for Widespread Compromise
Microsoft 365 Accounts Targeted in Ongoing Password Spraying Campaign
In a coordinated effort, Iran-linked hackers have compromised over 300 Microsoft 365 environments in Israel and more than 25 in the United Arab Emirates, along with a smaller number of organizations in the US, Saudi Arabia, and Europe.
According to sources, this compromise appears to be linked to password spraying campaigns initiated through Tor exit nodes as early as March.
The primary objective of these attacks is believed to be support for operational activities such as kinetic operations and damage assessments.
- Duration: The password spraying campaign began in early March.
- Geographical scope: Over 300 organizations in Israel, more than 25 in the UAE, and a limited number in the US, Saudi Arabia, and Europe have been affected.
- Methodology: Attackers used Tor exit nodes to scan for weak passwords and subsequently logged in using VPN IP addresses geolocated in Israel.
- Objective: The primary goal of these attacks appears to be support for operational activities such as kinetic operations and damage assessments.
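Detection logic for the pattern in the Methodology item, added here as an example and not taken from the reporting: it marks accounts that received failed sign-ins from Tor exits during a spray, then flags a later successful sign-in to one of those accounts from an IP outside the user's baseline. The record layout, thresholds, `TOR_EXITS` and `KNOWN_IPS` are assumptions, and every log record is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data): time, user, source IP, outcome.
EVENTS = [
    ("2030-01-10T08:00:05", "alice@example.org", "198.51.100.7", "fail"),
    ("2030-01-10T08:03:40", "bob@example.org", "198.51.100.9", "fail"),
    ("2030-01-10T08:07:12", "carol@example.org", "198.51.100.7", "fail"),
    ("2030-01-10T08:11:30", "dave@example.org", "198.51.100.9", "fail"),
    ("2030-01-10T09:00:00", "erin@example.org", "192.0.2.44", "fail"),
    ("2030-01-10T09:00:20", "erin@example.org", "192.0.2.44", "success"),
    ("2030-01-10T12:30:00", "alice@example.org", "203.0.113.10", "success"),
    ("2030-01-11T09:15:00", "bob@example.org", "203.0.113.50", "success"),
]
TOR_EXITS = {"198.51.100.7", "198.51.100.9"}  # assumption: fed from a Tor exit list
KNOWN_IPS = {"alice@example.org": {"203.0.113.10"},  # assumption: per-user baseline
             "erin@example.org": {"192.0.2.44"}}

def parse(events):
    """Convert timestamps and return records in chronological order."""
    return sorted((datetime.fromisoformat(t), u, ip, r) for t, u, ip, r in events)

def sprayed_users(events, tor_exits, min_users=3, window=timedelta(minutes=30)):
    """Map user -> first failure time when Tor-sourced failures hit at least
    min_users distinct accounts inside one window (many users, few tries each)."""
    fails = [(t, u) for t, u, ip, r in parse(events) if r == "fail" and ip in tor_exits]
    hit = {}
    for i, (start, _) in enumerate(fails):
        in_window = [(t, u) for t, u in fails[i:] if t - start <= window]
        if len({u for _, u in in_window}) >= min_users:
            for t, u in in_window:
                hit.setdefault(u, t)  # keep the earliest failure per user
    return hit

def suspicious_logins(events, tor_exits, known_ips, follow_up=timedelta(days=7)):
    """Successful sign-ins to sprayed accounts from IPs the user has not used before."""
    hit = sprayed_users(events, tor_exits)
    alerts = []
    for t, u, ip, r in parse(events):
        after_spray = u in hit and timedelta(0) <= t - hit[u] <= follow_up
        if r == "success" and after_spray and ip not in known_ips.get(u, set()):
            alerts.append((u, ip, t.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in suspicious_logins(EVENTS, TOR_EXITS, KNOWN_IPS):
        print("review:", alert)
```

Keying the second stage on the sprayed account rather than the source IP is what catches a sign-in that arrives from a different network than the spray itself.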
This campaign comes amidst other notable incidents involving Iran-linked hacking groups, including the recent leak of FBI Director Kash Patel’s personal emails and the breach of Stryker, a leading US medical device manufacturer.
