Microsoft: Iranian state hackers increasingly target IT sector
Microsoft says Iranian-backed hacking groups have increasingly attempted to compromise IT services companies this year to steal credentials they could use to breach the systems of downstream clients.
According to security analysts at the Microsoft Threat Intelligence Center and Digital Security Unit, this activity is part of a wider espionage objective to compromise entities of interest to the Iranian regime.
"Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks."
In September, we detected a separate Iranian group, DEV-0056, compromising email accounts at a Bahrain-based IT integration company that works on IT integration with Bahrain Government clients, who were likely DEV-0056's ultimate target.
Iranian threat actors have been in the spotlight during the last two weeks, with several advisories and reports warning of Iranian activity targeting organizations worldwide.
One day earlier, the Microsoft Threat Intelligence Center revealed that six Iranian hacking groups began deploying ransomware and exfiltrating data from victims' systems in September 2020.