Security News > 2021 > November > Microsoft: Iranian state hackers increasingly target IT sector
Microsoft says Iranian-backed hacking groups have increasingly attempted to compromise IT services companies this year to steal credentials they could use to breach the systems of downstream clients.
According to security analysts at Microsoft Threat Intelligence Center and Digital Security Unit, this activity is part of a wider espionage objective to compromise entities of interest to the Iranian regime.
"Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks."
In September, we detected a separate Iranian group, DEV-0056, compromising email accounts at a Bahrain-based IT integration company that works on IT integration with Bahrain Government clients, who were likely DEV-0056's ultimate target.
Iranian threat actors have been in the spotlight during the last two weeks, with several advisories and reports warning of Iranian activity targeting organizations worldwide.
One day earlier, the Microsoft Threat Intelligence Center revealed that six Iranian hacking groups have started deploying ransomware and exfiltrating data from victims' systems starting in September 2020.
News URL
Related news
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Hackers spoof Microsoft ADFS login pages to steal credentials (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)