More than 250 companies have been targeted by a group of Iranian hackers so far, although fewer than 20 have been compromised.
By Batya Jerenberg, World Israel News
A new Iranian group is suspected of being behind current attacks against security-related companies linked to American, Israeli and European governments, Microsoft said in a security alert Monday.
The hackers, dubbed DEV-0343, are targeting defense companies “producing military-grade radars, drone technology, satellite systems, and emergency response communication systems” for these countries, the conglomerate’s Threat Intelligence Center said.
Besides focusing on U.S. and Israeli defense technology companies, they are also trying to hack “regional ports of entry in the Persian Gulf, and several maritime and cargo transportation companies with a business focus in the Middle East.”
The attacks, which are still ongoing, have hit more than 250 Microsoft Office 365 clients but have managed to compromise fewer than 20, the company said in a blog post on the subject. In response, the computer giant informed all the targeted clients of the attack and how to secure themselves after the fact. It also sent out instructions to all Office 365 customers on how to find out if they have been hacked, and locate which specific accounts may have had information stolen from them.
The company is also warning that “DEV-0343 continues to evolve their techniques to refine its attacks.”
The post enumerated several reasons why the company believes Iranian actors are behind the online strikes. Firstly, the company said, “This activity likely supports the national interests of the Islamic Republic of Iran.” Pursuing these companies “supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans. Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program.”
Since Iran has attacked maritime targets in the past, both physically and in the cyber realm, the company said, it is “encouraging” its clients in these industries and regions “to review the information shared in this blog to defend themselves from this threat.”
The Islamic Republic has been accused of being behind several attacks on ships in the Persian Gulf in recent years, including most recently a July suicide drone attack on the Mercer Street, a cargo vessel managed by an Israeli company.
Another indicator is that the pattern of attack and techniques are similar to past attempts made by the Islamic Republic. In this specific case the criminals are using a technique called “password spraying,” in which they first discover employees’ usernames by getting into companies’ email servers and then feed the same password to one account after the other.
Last October, Microsoft reported that Iranian-backed hackers sent fake emails to more than a hundred potential attendees of the Munich Security Conference. The emails managed to fool high-level experts who help shape foreign policy in several governments into sending the hackers their email passwords. The hackers then entered their victims’ accounts and stole their mail and contact lists “for intelligence collection purposes,” said Microsoft’s customer security and trust chief Tom Burt.