Friday, May 9, 2025
HomeHacksIranian Hackers Attack the US & Israeli Defense Technology - Microsoft Warns

Iranian Hackers Attack the US & Israeli Defense Technology – Microsoft Warns

Published on

SIEM as a Service

Follow Us on Google News

Iranian hackers have recently attacked Microsoft in which more than 250 Microsft Office 365 accounts that are linked to the United States, the European Union, and the Israeli government were being compromised through comprehensive password spraying.

Despite having strong protection, the Iranian threat actors have managed to classify the vulnerabilities of their company’s protection and infiltrate them. 

After knowing about the attack, Microsoft asserts that organizations that have been attacked by Iranian groups are currently working with the EU, the United States, and Israel in the production of defense technologies.

- Advertisement - Google News

Behaviors noted

A series of behaviors and tactics are being used by the attackers, and that’s why here we have mentioned some of them below:-

  • Comprehensive inbound traffic from Tor IP addresses for password spray campaigns
  • Emulation of Firefox or Chrome browsers in password spray campaigns
  • Enumeration of Exchange ActiveSync (most common) or Autodiscover endpoints
  • Use of enumeration/password spray tool comparable to the ‘o365spray’ tool hosted at https://github.com/0xZDH/o365spray
  • Use of Autodiscover to verify accounts and passwords
  • Found password spray activity commonly topping between 04:00:00 and 11:00:00 UTC

Recommended Precautions

Here are some of the defenses that are to be followed by the organizations to keep themself safe from this kind of attack:-

  • Always allow multifactor authentication.
  • Microsoft fully assists customers to download and use passwordless resolutions such as Microsoft Authenticator to keep the accounts safe.
  • Examine and implement approved Exchange Online access policies.
  • Remember to block all incoming traffic from anonymizing services.

The main motive of the DEV-0343 operators is to gain access to commercial satellite description and their own plans and shipping records, which would be utilized to increase Iran’s developing satellite program.

That’s why Microsoft affirmed that each and every customer should stay aware of this kind of attack, as they are quite harmful in nature and can put a lot of impact on different organizations.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Chinese Hackers Exploit SAP RCE Vulnerability to Deploy Supershell Backdoors

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual...

Hackers Target IT Admins by Poisoning SEO to Push Malware to Top Search Results

Cybercriminals are increasingly targeting IT administrators through sophisticated Search Engine Optimization (SEO) poisoning techniques. By...

New Mamona Ransomware Targets Windows Systems Using Abused Ping Command

Cybersecurity researchers are raising the alarm about a newly discovered commodity ransomware strain dubbed Mamona,...

Malicious Python Package Impersonates Discord Developers to Deploy Remote Commands

A seemingly innocuous Python package named ‘discordpydebug’ surfaced on the Python Package Index (PyPI)...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

UK Government to Shift Away from Passwords in New Security Move

UK government has unveiled plans to implement passkey technology across its digital services later...

New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations

A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco...

North Korean Hacker Tries to Infiltrate Kraken Through Job Application

Leading cryptocurrency exchange Kraken has disclosed that it recently thwarted an infiltration attempt by...