In a post from the Microsoft Threat Intelligence Center (MSTIC), Microsoft wrote that it detected evidence of hackers linked to Iran targeting Israeli and United States defense technology companies as well as global maritime transportation companies and Persian Gulf entry ports.
In addition, U.S., European Union and Israeli government partners working on producing technology such as drones, satellites and emergency response communications systems were also targeted by Iran.
MSTIC and Microsoft’s Digital Security Unit detected a cyber “activity cluster” that targeted hundreds of those types of Microsoft Office 365 accounts.
The hackers used “password spraying,” in which the same password is tried against many accounts before the attacker moves on to another password and repeats the process. The attempts were largely unsuccessful, and fewer than 20 companies were compromised. Microsoft noted that customers against whom the attempts were successful were notified.
“Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans,” MSTIC reported. “Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program.”
The hacks were attempted during work hours in Iran, on Sunday through Thursday between 7:30 AM and 8:30 PM Iran Time (04:00:00 and 17:00:00 UTC) with significant drop-offs in activity before 7:30 AM and after 8:30 PM Iran Time.
Microsoft stated that Microsoft Office 365 accounts using multifactor authentication were “resilient” against the hacking efforts.
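The spraying pattern described above (one source, many accounts, few tries per account) can be found in sign-in logs. The following is an added example, not code from Microsoft's post; the event layout, IP addresses, accounts and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

BASE = datetime(2021, 10, 3, 6, 0)  # constructed start time (UTC), not from the article

def _ev(minute, ip, account, result):
    return (BASE + timedelta(minutes=minute), ip, account, result)

# Constructed sign-in events: (time, source IP, account, result).
SAMPLE_EVENTS = (
    # one source, one try each against eight accounts: the spray pattern
    [_ev(i, "203.0.113.10", f"user{i}@example.com", "failure") for i in range(8)]
    # a later round from the same source succeeds on one account
    + [_ev(9, "203.0.113.10", "user3@example.com", "success")]
    # many tries against a single account: brute force, not a spray
    + [_ev(i, "198.51.100.7", "admin@example.com", "failure") for i in range(12)]
    # an ordinary user mistyping once
    + [_ev(2, "192.0.2.55", "alice@example.com", "failure"),
       _ev(3, "192.0.2.55", "alice@example.com", "success")]
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Map each source IP to the accounts it sprayed: failures inside `window`
    that hit >= min_accounts distinct accounts with <= max_per_account tries each.
    The default thresholds are illustrative assumptions and need tuning per tenant."""
    failures = defaultdict(list)
    for ts, ip, account, result in events:
        if result == "failure":
            failures[ip].append((ts, account))
    flagged = {}
    for ip, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            counts = Counter(acct for _, acct in rows[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged.setdefault(ip, set()).update(counts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

def successes_from_flagged(events, flagged):
    """Accounts a flagged source signed in to: candidates for notification and reset."""
    return sorted({(ip, acct) for _, ip, acct, res in events
                   if res == "success" and ip in flagged})

if __name__ == "__main__":
    hits = detect_spray(SAMPLE_EVENTS)
    print(hits)
    print(successes_from_flagged(SAMPLE_EVENTS, hits))
```

The brute-force source and the single mistyped password are not flagged, because spraying is distinguished by breadth across accounts rather than by failure volume alone.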