Microsoft Warns of Iran-Linked Hackers Targeting US and Israeli Defense Firms (October 2021)
An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting U.S., E.U., and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East.
Microsoft is tracking the hacking crew under the moniker DEV-0343.
DEV-0343's Iranian connection is based on evidence of "extensive crossover in geographic and sectoral targeting with Iranian actors, and alignment of techniques and targets with another actor originating in Iran," researchers from Microsoft Threat Intelligence Center and Digital Security Unit said.
The Redmond-based tech giant also pointed out the password spraying tool's similarities to "o365spray," an actively updated open-source utility aimed at Microsoft Office 365. It is now urging customers to enable multi-factor authentication to mitigate compromised credentials and to prohibit all incoming traffic from anonymizing services wherever applicable.
"Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program," the researchers said.
"Given Iran's past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors."