Iran-linked hackers targeted maritime and defense contractors, compromised Office 365 accounts
Hackers likely supporting Iranian national interests attempted to compromise U.S. and Israeli defense technology and global maritime companies, Microsoft researchers shared Monday.
The attacks, which began in July, targeted the Office 365 accounts of more than 250 Microsoft users, the company said. Less than 20 of the targeted victims were successfully compromised, according to a security alert.
Other targeted industries included defense companies supporting the European Union, geographic information systems and regional ports in the Persian Gulf. Hackers attempted to break into the accounts using a technique called “password spraying” in which hackers rapidly cycle through different passwords in an effort to access an account.
Microsoft researchers say the “activity likely supports the national interests of the Islamic Republic of Iran” and the attacks’ techniques and targets align with other Iran-sponsored campaigns.
“Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans,” researchers wrote. “Given Iran’s past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors.”
State-sponsored Iranian hackers have a long history of going after rival nations’ defense contractors and maritime resources. In 2020, the Department of Justice indicted three Iranian hackers for trying to steal critical data from U.S. aerospace and satellite companies on behalf of Iran’s government. Researchers have also suggested that Iran-linked hacking groups have posed as ransomware operators to take the maritime facility of its regional rival the United Arab Emirates. Regional adversaries have also targeted Iran’s ports.
The news comes as lawmakers raise renewed scrutiny over maritime security in the United States. Last week, Sen. Angus King, I-Maine and Rep. Michael Gallagher, R-Wis. called on Congress and the executive branch to take steps to manage growing cybersecurity risks to the maritime sector and provide greater intelligence sharing to the area of critical infrastructure.