Microsoft warns over password attacks against these Office 365 customers


By Liam Tung | October 12, 2021 | Topic: Security


Microsoft says 250 Office 365 customers in the US and Israeli defense technology sector have been targeted with ‘password-spraying’ attacks, where attackers try to access many accounts with commonly used passwords. The technique relies on people using variations of common passwords.

The password attacks focussed on critical infrastructure companies operating in the Persian Gulf and were carried out by a group Microsoft is tracking as DEV-0343 – most likely a new group from Iran.  

The ‘DEV’ tag indicates that the group is not a confirmed state-sponsored attack group, but it could become one eventually. 


The Microsoft Threat Intelligence Center (MSTIC) said it had observed DEV-0343 “conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.”

Microsoft said “less than 20” of the targeted tenants were successfully compromised.

The risk of compromise from password-spraying attacks is significantly reduced for organizations that roll out multi-factor authentication.    

The hacking group targeted companies that support US, European Union and Israeli organizations producing military radars, drones, satellite systems, and emergency response communication systems, as well as geographic information systems (GIS), spatial analytics, Persian Gulf ports, and maritime and cargo transportation companies in the region.

“Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans. Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program,” Microsoft said. 

Microsoft last week raised a red flag over Russian state-sponsored hacking, labelling Russia’s intelligence hackers the most active cyber threat in the world. Not only are Kremlin-backed hackers more prolific, they’re also increasingly effective, according to Microsoft. It also flagged a significant uptick in Iranian hacks against Israeli organizations. 

“This year marked a near quadrupling in the targeting of Israeli entities, a result exclusively of Iranian actors, who focused on Israel as tensions sharply escalated between the adversaries,” Microsoft noted in its latest Digital Defense Report.

Its latest warning to US and Israeli organizations operating in the Middle East says they should be on the lookout for suspicious Tor connections to their networks. 
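Password spraying as described above leaves a recognizable trace in sign-in logs: one source failing against many different accounts with only a few guesses each. The Python detection below is an added example, not code from Microsoft or the original article; the event format, the thresholds and the sample data are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, succeeded).
# IPs are RFC 5737 documentation addresses; accounts are invented.
EVENTS = (
    [(f"2021-10-01T04:{m:02d}:00", "203.0.113.7", f"user{m}@example.com", False)
     for m in range(8)]                      # one guess each against 8 accounts
    + [("2021-10-01T04:09:00", "203.0.113.7", "user3@example.com", True)]
    + [(f"2021-10-01T09:00:{s:02d}", "198.51.100.4", "bob@example.com", False)
       for s in range(6)]                    # one user mistyping repeatedly
)

def find_sprays(events, window=timedelta(minutes=30), min_accounts=5, max_tries=3):
    """Flag source IPs whose failed sign-ins hit many accounts, few tries each.

    Thresholds are assumed defaults and need tuning per tenant.
    """
    failures, successes = defaultdict(list), defaultdict(set)
    for ts, ip, account, ok in events:
        if ok:
            successes[ip].add(account)
        else:
            failures[ip].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for ip, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            tries = Counter(acct for _, acct in rows[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                targeted = {acct for _, acct in rows}
                flagged[ip] = {
                    "accounts_targeted": len(targeted),
                    # Targeted accounts that also signed in successfully from
                    # this source: candidates for credential reset and review.
                    "possible_compromise": sorted(targeted & successes[ip]),
                }
                break
    return flagged

if __name__ == "__main__":
    for ip, report in find_sprays(EVENTS).items():
        print(ip, report)
```

The single-account burst from 198.51.100.4 is not flagged, which is what separates a spray from an ordinary lockout or a brute-force attempt on one user.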
