Security News > 2021 > October > Office 365 Spy Campaign Targets US Military Defense

The threat actor's goal is Microsoft Office 365 account takeovers.

Microsoft, which began tracking the activity in late July 2021, detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran.

The campaign has targeted about 250 specific organizations that use Microsoft's cloud-based Office suite, with less than 20 of them suffering compromise, according to the company.

The attacks have specifically gone after companies that make military-grade radars, drone technology, satellite systems, emergency response communication systems, geographic information systems and spatial analytics, Microsoft said, along with the ports and transportation companies.

The group is most active between Sunday and Thursday between 7:30 a.m. and 8:30 p.m. local Iran time, with Microsoft observing peak password-spray activity between 7:30 a.m. and 2:30 p.m. How to Protect Against Office 365 Takeovers.

To protect against password-spraying attacks, Microsoft suggested that users first and foremost enable multifactor authentication.

News URL

https://threatpost.com/military-defense-spy-campaign/175425/