Microsoft announced Monday that it has been tracking hacking activities by an Iran-linked group that targeted US and Israeli defense and other key companies.
The hackers were trying to guess passwords of users and accounts to penetrate defense technology companies and Persian Gulf ports of entry, as well as global maritime transportation companies with ties to the Middle East.
The group, known as DEV-0343, was able to compromise just 20 passwords among the hundreds it tried to guess, Microsoft said, adding, “DEV-0343 continues to evolve their techniques to refine its attacks. MSTIC noted that Office 365 accounts with multifactor authentication (MFA) enabled are resilient against password sprays.”
Iranian hackers have been highly active in the past decade and are believed to be as dangerous as Chinese and Russian groups that operate either within their respective intelligence services or are closely associated with them.
“Microsoft has directly notified customers that have been targeted or compromised, providing them with the information they need to secure their accounts,” the company said in a statement.
The focus of the hackers was defense technology companies working on military-grade radar development, drone technology, satellite systems and emergency response communication systems. “Further activity has targeted customers in geographic information systems (GIS), spatial analytics, regional ports of entry in the Persian Gulf, and several maritime and cargo transportation companies with a business focus in the Middle East,” Microsoft said.
As in past cases of Iranian hacking aimed at military and sensitive economic targets, this operation “likely supports the national interest of the Islamic Republic of Iran,” Microsoft said, adding that its assessment shows “this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans.”
Microsoft did not attribute the hacking to any particular Iranian government entity, but the Islamic Revolutionary Guard Corps (IRGC) is known for its large ‘cyber army’ that engages in both suppression of internet access and cyber surveillance within Iran and disinformation activities abroad, as well as sophisticated hacking of Western and other targets.
Facebook also announced on Monday that it has dismantled dozens of accounts engaged in the dissemination of fake news within Iran. "We removed 93 Facebook accounts, 14 Pages, 15 Groups and 194 Instagram accounts in Iran that targeted primarily domestic audiences in that country, particularly in the Lorestan province," the social media company said.
CNN quoted Microsoft’s John Lambert as saying that his corporation discovered the hacking activity when responding to a breach of a US financial services company this summer. He added that Microsoft decided to release the information now to help organizations prepare for follow-on hacking attempts.