Researchers at the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Digital Security Unit (DSU) have revealed details of a new threat actor with links to Iran. The actor has been running a password spraying campaign against Israeli, US, and EU defense technology firms.
Microsoft has also observed activity by the same actor against Middle Eastern maritime and cargo transportation companies and regional ports of entry on the Persian Gulf. Reportedly, the group operates under the moniker DEV-0343. The hackers are mainly targeting Office 365 clients.
What is a Password Spraying Attack?
In this kind of attack, threat actors try to brute-force accounts by cycling the same passwords across multiple accounts at once. Using different IP addresses helps them hide failed attempts and evade automated defenses such as IP blocking or password lockout, which are designed to block multiple failed login attempts.
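The following detection sketch is an added example, not code from Microsoft's post. It shows why per-account lockout and per-IP blocking stay silent during a spray while a tenant-wide count of distinct failing accounts does not. The event layout, thresholds, addresses and sample sign-ins are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5      # assumed per-account failed-attempt lockout limit
PER_IP_THRESHOLD = 10      # assumed per-IP failed-attempt block limit
SPRAY_MIN_ACCOUNTS = 8     # assumed: distinct failing accounts per window to alert
WINDOW = timedelta(minutes=30)

def make_events():
    """Constructed sample: 12 accounts each fail once, every attempt from a new IP,
    plus one user who mistypes a password three times from one address."""
    t0 = datetime(2021, 7, 1, 9, 0)
    events = [(t0 + timedelta(minutes=2 * i), f"user{i:02d}@example.com",
               f"198.51.100.{i + 1}", "failure") for i in range(12)]
    events += [(t0 + timedelta(minutes=m), "alice@example.com", "203.0.113.7", "failure")
               for m in (3, 4, 5)]
    events.append((t0 + timedelta(minutes=6), "alice@example.com", "203.0.113.7", "success"))
    return sorted(events)

def naive_alerts(events):
    """Per-account lockout and per-IP blocking, the controls a spray is built to evade."""
    by_user, by_ip = defaultdict(int), defaultdict(int)
    for _, user, ip, result in events:
        if result == "failure":
            by_user[user] += 1
            by_ip[ip] += 1
    locked = {u for u, n in by_user.items() if n >= LOCKOUT_THRESHOLD}
    blocked = {ip for ip, n in by_ip.items() if n >= PER_IP_THRESHOLD}
    return locked, blocked

def spray_windows(events):
    """Tenant-wide view: flag the first window in which many distinct accounts fail,
    each fewer times than the lockout limit, regardless of source IP."""
    failures = [(ts, user) for ts, user, _, result in events if result == "failure"]
    alerts = []
    for i, (start, _) in enumerate(failures):
        counts = defaultdict(int)
        for ts, user in failures[i:]:
            if ts - start > WINDOW:
                break
            counts[user] += 1
        low_and_slow = {u for u, n in counts.items() if n < LOCKOUT_THRESHOLD}
        if len(low_and_slow) >= SPRAY_MIN_ACCOUNTS:
            alerts.append((start, sorted(low_and_slow)))
            break  # report the first qualifying window only
    return alerts
```

The mistyping user lands in the flagged set alongside the sprayed accounts, so the alert is a starting point for triage and not a list of confirmed targets.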
About the Campaign
According to Microsoft’s blog post, the first intrusion was observed in July 2021. More than 250 MS Office 365 customers with multifactor authentication (MFA) toggled were targeted, and at least 20 were successfully