Microsoft said Monday that it had identified a group of Iranian hackers targeting Israeli and American defense technology companies that use the tech giant’s products, as well as firms running maritime shipping in the Middle East.
The statement came as Israel and Iran have accused each other of attacks on ships in the Middle East, and amid reports of growing efforts by Tehran to avenge the death of its top nuclear scientist Mohsen Fakhrizadeh, killed last year.
In a blog post, Microsoft said it had first identified the hacker cell — nicknamed DEV-0343 — in July.
The company said the hackers carried out “extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.”
“Less than 20 of the targeted tenants were successfully compromised, but DEV-0343 continues to evolve their techniques to refine its attacks,” the statement said.
Among the targets have been “defense companies that support United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems.”
“This activity likely supports the national interests of the Islamic Republic of Iran based on pattern-of-life analysis, extensive crossover in geographic and sectoral targeting with Iranian actors, and alignment of techniques and targets with another actor originating in Iran,” the statement said.
Microsoft said the hacking efforts could help Iran track “adversary security services and maritime shipping in the Middle East.”
“Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program,” Microsoft said.
Microsoft said on Sunday that Iran had increased its hacks on Israel fourfold in the past year.
“Microsoft detected an increased focus from a growing number of Iranian groups targeting Israeli entities… and with that focus came a string of ransomware attacks,” the company’s annual Digital Defense Report said.
Israel and Iran have been engaged in a years-long shadow war, with Israel allegedly directing most of its efforts, including multiple suspected cyberattacks, at sabotaging the Islamic Republic’s nuclear program.