Malware And CampaignsCampaign

Iran-linked password spraying against Microsoft 365 and Pay2Key ransomware return

April 7, 2026The Hacker News, Nicolas Krassas, The Cyber Security Hub™

The Hacker News and others report Iran-linked actors running password-spraying waves against Microsoft 365 accounts across Israel and the UAE, alongside Pay2Key ransomware resurfacing with stronger evasion, highlighting identity-first intrusion paths during geopolitical crises.

Open in PulseSee the full authority discussion →

QUOTES

Iran-linked actors targeted Microsoft 365 accounts in 3 attack waves in March 2026, hitting 300+ orgs in Israel and 25+ in the UAE.

They used password spraying via Tor/VPNs to access mailboxes.

At the same time, Pay2Key ransomware resurfaced with stronger evasion

VOICES

The Hacker News

Nicolas Krassas

The Cyber Security Hub™

RELATED TERMS

microsoft 365password sprayingransomwaremicrosoftransomware group

OTHER FINDINGS IN MALWARE AND CAMPAIGNS

Axios npm package compromise, WAVESHAPER.V2 cross platform RAT Handala Hack Telegram threat claiming imminent Lockheed Martin data leak Telnyx PyPI compromise (TeamPCP) shipping malware in telnyx 4.87.1/4.87.2

AMYGDALA PULSE

See what authorities are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new authority voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security