Monday, October 7, 2024
HomeHacksIranian Hackers Attack the US & Israeli Defense Technology - Microsoft Warns

Iranian Hackers Attack the US & Israeli Defense Technology – Microsoft Warns

Published on

Iranian hackers have recently attacked Microsoft in which more than 250 Microsft Office 365 accounts that are linked to the United States, the European Union, and the Israeli government were being compromised through comprehensive password spraying.

Despite having strong protection, the Iranian threat actors have managed to classify the vulnerabilities of their company’s protection and infiltrate them. 

After knowing about the attack, Microsoft asserts that organizations that have been attacked by Iranian groups are currently working with the EU, the United States, and Israel in the production of defense technologies.

- Advertisement - EHA

Behaviors noted

A series of behaviors and tactics are being used by the attackers, and that’s why here we have mentioned some of them below:-

  • Comprehensive inbound traffic from Tor IP addresses for password spray campaigns
  • Emulation of Firefox or Chrome browsers in password spray campaigns
  • Enumeration of Exchange ActiveSync (most common) or Autodiscover endpoints
  • Use of enumeration/password spray tool comparable to the ‘o365spray’ tool hosted at https://github.com/0xZDH/o365spray
  • Use of Autodiscover to verify accounts and passwords
  • Found password spray activity commonly topping between 04:00:00 and 11:00:00 UTC

Recommended Precautions

Here are some of the defenses that are to be followed by the organizations to keep themself safe from this kind of attack:-

  • Always allow multifactor authentication.
  • Microsoft fully assists customers to download and use passwordless resolutions such as Microsoft Authenticator to keep the accounts safe.
  • Examine and implement approved Exchange Online access policies.
  • Remember to block all incoming traffic from anonymizing services.

The main motive of the DEV-0343 operators is to gain access to commercial satellite description and their own plans and shipping records, which would be utilized to increase Iran’s developing satellite program.

That’s why Microsoft affirmed that each and every customer should stay aware of this kind of attack, as they are quite harmful in nature and can put a lot of impact on different organizations.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against...

Mobile Device Management Vendor Mobile Guardian Hacked

 Mobile Guardian, a leading Mobile Device Management (MDM) vendor, experienced unauthorized access to its...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...