Nicolas Krassas and Check Point Research describe Iranian activity focused on Microsoft 365 password-spraying. Check Point Research says TOR was used to scan and spray and Israeli VPN infrastructure was used for successful logins.
Iran targets M365 accounts with password-spraying attacks
Iranian APT conducts a wide M365 password spray campaign - focus on Israeli and UAE orgs
TOR used to scan and spray, Israeli VPN infrastructure used for successful logins
Check Point Research reported an Iran-linked threat actor conducting a three-wave password-spraying campaign targeting Microsoft 365 in the Middle East, mainly Israel and the UAE, impacting over 300 Israeli and 25 UAE organizations
This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.
← Back to Cyber Security