Advertisement
Subscribe to our daily newsletter.
Subscribe

Iran-linked hackers targeted maritime and defense contractors, compromised Office 365 accounts

Less than 20 victims were successfully compromised.

By

Dubai Dry Dock, Jumeirah, Dubai, United Arab Emirates, June 2007. (Photo by ITP Images/Construction Photography/Avalon/Getty Images)

Hackers likely supporting Iranian national interests attempted to compromise U.S. and Israeli defense technology and global maritime companies, Microsoft researchers shared Monday.

The attacks, which began in July, targeted the Office 365 accounts of more than 250 Microsoft users, the company said. Less than 20 of the targeted victims were successfully compromised, according to a security alert.

Other targeted industries included defense companies supporting the European Union, geographic information systems and regional ports in the Persian Gulf. Hackers attempted to break into the accounts using a technique called “password spraying” in which hackers rapidly cycle through different passwords in an effort to access an account.

Microsoft researchers say the “activity likely supports the national interests of the Islamic Republic of Iran” and the attacks’ techniques and targets align with other Iran-sponsored campaigns.

Advertisement

“Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans,” researchers wrote. “Given Iran’s past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors.”

State-sponsored Iranian hackers have a long history of going after rival nations’ defense contractors and maritime resources. In 2020, the Department of Justice indicted three Iranian hackers for trying to steal critical data from U.S. aerospace and satellite companies on behalf of Iran’s government. Researchers have also suggested that Iran-linked hacking groups have posed as ransomware operators to take the maritime facility of its regional rival the United Arab Emirates. Regional adversaries have also targeted Iran’s ports.

The news comes as lawmakers raise renewed scrutiny over maritime security in the United States. Last week, Sen. Angus King, I-Maine and Rep. Michael Gallagher, R-Wis. called on Congress and the executive branch to take steps to manage growing cybersecurity risks to the maritime sector and provide greater intelligence sharing to the area of critical infrastructure.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

A picture taken from the plain of Khiam shows a man waving an Iranian flag as smoke rises from burning dry grass, following skirmishes between Lebanese youths and Israeli soldiers, at a rally to mark the 23rd anniversary of Israel’s withdrawal from Lebanon, on May 25, 2023. (Photo by MAHMOUD ZAYYAT/AFP via Getty Images)

Iran hacking group impersonates defense firms, hostage campaigners

A hacking campaign linked to the Islamic Revolutionary Guard Corps is targeting firms in the defense sector with a pair of new backdoors.
By AJ Vicens

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

The logo of the podcast Safe Mode

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics