Iran-linked hackers targeted maritime and defense contractors, compromised Office 365 accounts

Fewer than 20 victims were successfully compromised.
Dubai Dry Dock, Jumeirah, Dubai, United Arab Emirates, June 2007. (Photo by ITP Images/Construction Photography/Avalon/Getty Images)

Hackers likely supporting Iranian national interests attempted to compromise U.S. and Israeli defense technology and global maritime companies, Microsoft researchers shared Monday.

The attacks, which began in July, targeted the Office 365 accounts of more than 250 Microsoft users, the company said. Fewer than 20 of the targeted victims were successfully compromised, according to a security alert.

Other targeted industries included defense companies supporting the European Union, geographic information systems and regional ports in the Persian Gulf. Hackers attempted to break into the accounts using a technique called “password spraying,” in which hackers rapidly cycle through different passwords in an effort to access an account.

Microsoft researchers say the “activity likely supports the national interests of the Islamic Republic of Iran” and the attacks’ techniques and targets align with other Iran-sponsored campaigns.


“Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans,” researchers wrote. “Given Iran’s past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors.”

State-sponsored Iranian hackers have a long history of going after rival nations’ defense contractors and maritime resources. In 2020, the Department of Justice indicted three Iranian hackers for trying to steal critical data from U.S. aerospace and satellite companies on behalf of Iran’s government. Researchers have also suggested that Iran-linked hacking groups have posed as ransomware operators to take the maritime facility of its regional rival the United Arab Emirates. Regional adversaries have also targeted Iran’s ports.

The news comes as lawmakers raise renewed scrutiny over maritime security in the United States. Last week, Sen. Angus King, I-Maine, and Rep. Michael Gallagher, R-Wis., called on Congress and the executive branch to take steps to manage growing cybersecurity risks to the maritime sector and provide greater intelligence sharing to the area of critical infrastructure.

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.
