Microsoft: Iranian state hackers increasingly target IT sector (Security News, November 2021)

Microsoft says Iranian-backed hacking groups have increasingly attempted to compromise IT services companies this year to steal credentials they could use to breach the systems of downstream clients.
According to security analysts at Microsoft Threat Intelligence Center and Digital Security Unit, this activity is part of a wider espionage objective to compromise entities of interest to the Iranian regime.
"Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks."
In September, we detected a separate Iranian group, DEV-0056, compromising email accounts at a Bahrain-based IT integration company that works on IT integration with Bahrain Government clients, who were likely DEV-0056's ultimate target.
Iranian threat actors have been in the spotlight during the last two weeks, with several advisories and reports warning of Iranian activity targeting organizations worldwide.
One day earlier, the Microsoft Threat Intelligence Center revealed that six Iranian hacking groups began deploying ransomware and exfiltrating data from victims' systems in September 2020.