image
A new threat actor, dubbed DEV-0343, has been spotted attacking U.S. and Israeli defense technology companies, Persian Gulf ports of entry and global maritime transportation companies with ties to the Middle East. The threat actor’s goal is Microsoft Office 365 account takeovers. Microsoft, which began tracking the activity in late July 2021, detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran. It stated cyberattackers are “conducting extensive password spraying” against Office 365 accounts. Password-spraying is the process of trying a list of user names and a series of different passwords against online accounts in hopes of finding a match and gaining access to password-protected accounts. In this case, the attackers typically mount attacks on “dozens to hundreds of accounts” within each targeted organization, Microsoft said, and have been seen trying thousands of credential combinations against each account. So far, the campaign has targeted about 250 specific organizations that use Microsoft’s cloud-based Office suite, with less than 20 of them suffering compromise, according to the company. However, “DEV-0343 continues to evolve their techniques to refine its attacks,” the computing giant warned. The attacks for now are being carried out using an emulated Firefox or Chrome browser, and rotating IP addresses hosted on a Tor proxy network, according to the analysis. On average, each attack uses…

Source