Security News > 2021 > October > Office 365 Spy Campaign Targets US Military Defense
The threat actor's goal is Microsoft Office 365 account takeovers.
Microsoft, which began tracking the activity in late July 2021, detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran.
The campaign has targeted about 250 specific organizations that use Microsoft's cloud-based Office suite, with less than 20 of them suffering compromise, according to the company.
The attacks have specifically gone after companies that make military-grade radars, drone technology, satellite systems, emergency response communication systems, geographic information systems and spatial analytics, Microsoft said, along with the ports and transportation companies.
The group is most active between Sunday and Thursday between 7:30 a.m. and 8:30 p.m. local Iran time, with Microsoft observing peak password-spray activity between 7:30 a.m. and 2:30 p.m. How to Protect Against Office 365 Takeovers.
To protect against password-spraying attacks, Microsoft suggested that users first and foremost enable multifactor authentication.
News URL
https://threatpost.com/military-defense-spy-campaign/175425/
Related news
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- US freezes foreign aid, halting cybersecurity defense and policy funds for allies (source)
- Spain arrests suspected hacker of US and Spanish military agencies (source)
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)