Microsoft says that Iranian cybercrime organizations have been trying to breach IT services businesses more frequently this year in order to collect credentials that they could then use to compromise the networks of downstream customers.
According to cybersecurity experts at Microsoft Threat Intelligence Center (MSTIC) and Digital Security Unit (DSU), this operation is part of a larger espionage strategy to hack organizations of interest to the Iranian government.
This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain.
Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks.
According to BleepingComputer, Redmond sent more than 1,600 notifications to over 40 IT services organizations, alerting them of hacking attempts conducted by Iran-based Advanced Persistent Threat (APT) gangs. Compared to 2020, when Microsoft sent only 48 notifications throughout the year, this is a significant increase.
Firms in Israel and the United Arab Emirates Also Targeted
The majority of these attacks target Indian IT services companies, with a few of