search

Microsoft says Iran hackers targeting Israeli, US defense technology firms

Tech giant says cell conducted ‘extensive password spraying’ against 250 Office users, compromising fewer than 20; targets include maritime shipping firms doing business in Mideast

Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, on September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)
Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, on September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)

Microsoft said Monday that it had identified a group of Iranian hackers targeting Israeli and American defense technology companies using the tech giant’s products, as well as firms running maritime shipping in the Middle East.

The statement came as Israel and Iran have accused each other of attacks on ships in the Middle East, and amid reports of growing efforts by Tehran to avenge the death of its top nuclear scientist Mohsen Fakhrizadeh, killed last year.

In a blog post, Microsoft said it had first identified the hacker cell — nicknamed DEV-0343 — in July.

The company said the hackers carried out “extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.”

“Less than 20 of the targeted tenants were successfully compromised, but DEV-0343 continues to evolve their techniques to refine its attacks,” the statement said.

Among the targets have been “defense companies that support United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems.”

“This activity likely supports the national interests of the Islamic Republic of Iran based on pattern-of-life analysis, extensive crossover in geographic and sectoral targeting with Iranian actors, and alignment of techniques and targets with another actor originating in Iran,” the statement said.

Illustrative: People walk past a Microsoft office in New York, November 10, 2016. (AP Photo/Swayne B. Hall)

Microsoft said the hacking efforts could help Iran track “adversary security services and maritime shipping in the Middle East.”

“Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program,” Microsoft said.

Numerous suspected Iranian cyberattacks on Israel were reported in recent years, including one that targeted its water infrastructure in 2020. The most recent was reported last week.

Microsoft said on Sunday that Iran had increased its hacks on Israel fourfold in the past year.

“Microsoft detected an increased focus from a growing number of Iranian groups targeting Israeli entities… and with that focus came a string of ransomware attacks,” the company’s annual Digital Defense Report said.

Israel and Iran have been engaged in a years-long shadow war, with Israel allegedly directing most of its efforts – including multiple suspected cyberattacks — at sabotaging the Islamic Republic’s nuclear program.

read more:
comments
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed