
Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
2023-09-15 04:14

Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal.

The tech giant, which is tracking the activity under the name Peach Sandstorm, said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors, likely to facilitate intelligence collection in support of Iranian state interests.

Peach Sandstorm, also known by the names APT33, Elfin, and Refined Kitten, has been linked to spear-phishing attacks against aerospace and energy sectors in the past, some of which have entailed the use of the SHAPESHIFT wiper malware.

"In the initial phase of this campaign, Peach Sandstorm conducted password spray campaigns against thousands of organizations across several sectors and geographies," the Microsoft Threat Intelligence team said, noting some of the activity is opportunistic.

Password spraying refers to a technique wherein a malicious actor attempts to authenticate to many different accounts using a single password or a list of commonly used passwords.
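
The pattern in that definition (one source, many accounts, few attempts per account) is what separates a spray from a brute-force attempt on a single account, and it can be detected in sign-in logs. The following is an added example, not code from the article or from Microsoft; the log format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp source_ip username result"
SAMPLE_LOG = """\
2023-07-01T02:00:05 203.0.113.7 alice FAIL
2023-07-01T02:00:09 203.0.113.7 bob FAIL
2023-07-01T02:00:14 203.0.113.7 carol FAIL
2023-07-01T02:00:20 203.0.113.7 dave FAIL
2023-07-01T02:00:26 203.0.113.7 erin OK
2023-07-01T02:01:00 198.51.100.4 frank FAIL
2023-07-01T02:01:05 198.51.100.4 frank FAIL
2023-07-01T02:01:09 198.51.100.4 frank FAIL
2023-07-01T02:01:15 198.51.100.4 frank FAIL
2023-07-01T09:30:00 192.0.2.10 alice FAIL
2023-07-01T09:30:20 192.0.2.10 alice OK
"""

def parse(log):
    """Yield (time, source, user, ok) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            yield datetime.fromisoformat(ts), src, user, result == "OK"

def detect_spray(events, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Flag sources that fail against many accounts, few tries each, in one window."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        for i, (start, *_rest) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            fails = defaultdict(int)
            for _, _, user, ok in in_win:
                if not ok:
                    fails[user] += 1
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # A success from a spraying source is the account to triage first.
                hits = sorted({u for _, _, u, ok in in_win if ok})
                findings[src] = {"targeted": sorted(fails), "succeeded": hits}
                break
    return findings

if __name__ == "__main__":
    for src, info in detect_spray(parse(SAMPLE_LOG)).items():
        print(src, info)
```

On the sample data only 203.0.113.7 is flagged; the four failures against the single account `frank` and the ordinary mistyped password from 192.0.2.10 are not.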

The attacks have also been observed using Azure Arc to establish persistence by connecting to an Azure subscription controlled by the threat actor.


News URL

https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html