Tehran tech hackers targeting US, EU, Israeli firms: Microsoft

Iran-based hackers have been attempting to infiltrate American, European and Israeli shipping and defense firms that do business in the Middle East, Microsoft has said. (AP/File)
Short Url
  • Attempted Iranian cyber infiltrations hit 250 defense, maritime companies
  • Group may have been launched to help Tehran track ‘adversary security services and maritime shipping in the Middle East’

LONDON: Iran-based hackers have been attempting to infiltrate American, European and Israeli shipping and defense firms that do business in the Middle East, Microsoft has said.

It announced that in recent weeks, a cell of hackers it had codenamed DEV-0343 had carried out “extensive password spraying” on some 250 companies that rely on Microsoft’s products.

A password spray is a cyber infiltration strategy to gain access to multiple accounts by using universal passwords.

The victims of the alleged spray include defense companies that support US, EU and Israeli “government partners producing military-grade radars, drone technology, satellite systems and emergency response communication systems,” Microsoft said.

It added that the cell was first detected in July — a busy month for Iranian military forces, which conducted aggressive operations in the Strait of Hormuz, killing a British security guard and a Romanian maritime worker with an explosive-laden drone strike. 

The UK, US and Israel all blamed Iran and its Islamic Revolutionary Guard Corps — Tehran’s irregular warfare unit — for the attack on the MT Mercer Street vessel. 

Zodiac Maritime, the Britain-based business owned by Israeli billionaire Eyal Ofer that operates the ship, said it had not been directly targeted by the recent cyber infiltration attempts from Iran.

Microsoft said DEV-0343 may have been launched to help Tehran track “adversary security services and maritime shipping in the Middle East.”

It added: “Less than 20 of the targeted tenants were successfully compromised, but DEV-0343 continues to evolve their techniques to refine its attacks.” 

Microsoft said “hundreds” of accounts at each of the highlighted companies had been targeted in the cyberattack, which it said was likely planned and launched in Iran.

“Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite programme,” it added.