In an article on the Microsoft Threat Intelligence Center (MSTIC), Microsoft wrote that it had detected evidence of Iranian-related hackers targeting Israeli and U.S. defense technology companies as well as global shipping companies and ports. entrance to the Persian Gulf.
In addition, partners from the United States, the European Union and the Government of Israel working on the production of technologies such as drones, satellites and emergency response communication systems have also been targeted by the Iran.
MSTIC and Microsoft’s digital security unit have detected a cyber “business cluster” targeting hundreds of such Microsoft Office 365 accounts.
Hackers used ‘password spray’, where attempts are made using the same password on many accounts before switching to another and repeating the process, failed and less than 20 companies were compromised. Microsoft noted that customers who successfully tried have been notified.
“Microsoft believes that this targeting supports the Iranian government’s monitoring of opposing security services and shipping in the Middle East to improve their contingency plans,” MSTIC reported. “Accessing commercial satellite imagery and proprietary expedition plans and logs could help Iran offset the expansion of its satellite program. “
The hacks were attempted during working hours in Iran, Sunday through Thursday between 7:30 a.m. and 8:30 p.m. Iranian time (4:00 a.m. to 5:00 p.m. UTC) with significant drops in activity before 7:00 a.m. 30:00 a.m. and after 8:30 p.m. Iranian time.
Microsoft said Microsoft Office 365 accounts using multi-factor authentication were “resilient” against hacking efforts.