Microsoft reports Iranian hackers targeting US, Israeli defense companies

Microsoft on Monday released evidence showing Iranian-linked hackers targeting and at times compromising systems of U.S. and Israeli defense technology companies. 

In a blog post, Microsoft’s Threat Intelligence Center and Digital Security Unit assessed that a new cyber “activity cluster” linked to Iran had, beginning in July, targeted hundreds of Microsoft Office 365 accounts tied to groups including U.S. and Israeli defense companies, Persian Gulf entry ports, and global maritime transportation companies.

Microsoft also observed targeting by the Iranian-linked hackers of defense companies that work with U.S., European Union and Israeli government partners on producing technology such as drones, satellites and emergency response communications systems. 

Most of the targeting, which involved the hackers using “password spraying,” was unsuccessful, and Microsoft noted that fewer than 20 organizations were compromised and that those customers had been notified. 

“Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans,” the blog post reads. “Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program.”

“Given Iran’s past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors, and we encourage our customers in these industries and geographic regions to review the information shared in this blog to defend themselves from this threat,” it adds.

Microsoft observed the hackers to be most active during business hours in Iran and to typically target between a dozen and hundreds of email accounts from one organization at a time. Microsoft stressed that accounts using multifactor authentication were “resilient” against the hacking efforts.

The blog was published less than a week after Microsoft released its annual Digital Defense Report, in which the company detailed efforts by Iran to use destructive attacks, mainly against Israel, as tensions built. 

“This year marked a near quadrupling in targeting of Israeli entities, a result exclusively of Iranian actors, who focused on Israel as tensions sharply escalated between the adversaries,” the report states. 

Iran has long been viewed as one of the four most dangerous nations in cyberspace and has used cyber operations to accomplish goals in the past. Microsoft put out a warning last year that an Iranian threat group was targeting personal accounts of staffers on the 2020 reelection campaign of former President Trump.

Earlier this year, cybersecurity group Proofpoint released a report detailing how a hacking group associated with the Iranian government had targeted medical researchers in the U.S. and Israel beginning last year.