Iran targets M365 accounts with password-spraying attacks
"The attackers used multiple source IP addresses to target numerous Microsoft 365 accounts, affecting more than 300 organizations in Israel and more than 25 in the United Arab Emirates."
"The attacks happened in three waves - March 3, March 13, and March 23 - and Iran-linked groups, including the Islamic Revolutionary Guard Corps' Peach Sandstorm and Gray Sandstorm, are known to use this method to gain initial access."
"Check Point noted some correlation between the orgs targeted with password spraying and cities targeted by missile attacks. This suggests the campaign was likely intended to support kinetic operations and Bombing Damage Assessment efforts."
Iran-linked threat actors are conducting password-spraying attacks against over 300 organizations, mainly in Israel and the UAE. These attacks, occurring in three waves, are believed to support bomb-damage assessments following missile strikes. The attackers, associated with groups like the Islamic Revolutionary Guard Corps, target Microsoft 365 accounts using multiple IP addresses. While municipalities are the primary targets, other sectors such as technology, transportation, healthcare, and manufacturing are also affected. The attackers try weak passwords against the targeted accounts and disguise their activity by routing it through Tor exit nodes.
Read at The Register