Iran-Linked Threat Actors Are Targeting Office 365 Tenants of U.S., Israeli Defense Technology Companies in Password Spraying Attacks
Microsoft Azure mitigated the largest DDoS attack to date, Apple issues emergency fix for iOS and iPadOS zero-day exploited in the wild, Ukraine arrests suspect for running a giant botnet, much more
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) say that Iran-linked threat actors are targeting the Office 365 tenants of U.S. and Israeli defense technology companies in extensive password spraying attacks.
The ongoing malicious activity, which Microsoft temporarily dubbed DEV-0343, aligns with Iranian national interests based on techniques and targets it shares with another Iran-linked threat actor. It is also linked to Iran based on pattern-of-life analysis and an extensive crossover in sectoral and geographic targeting with other Iranian hacking groups.
“Targeting in this DEV-0343 activity has been observed across defense companies that support United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems,” Microsoft says. Companies exposed to this activity are encouraged to look for DEV-0343 behaviors and tactics in logs and network activit…