A new threat actor, dubbed DEV-0343, has been spotted attacking U.S. and Israeli defense technology companies, Persian Gulf ports of entry and global maritime transportation companies with ties to the Middle East. The threat actor’s goal is Microsoft Office 365 account takeovers.

Microsoft, which began tracking the activity in late July 2021, detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran. It stated that cyberattackers are “conducting extensive password spraying” against Office 365 accounts.

Password spraying is the process of trying a list of user names and a series of different passwords against online accounts in hopes of finding a match and gaining access to password-protected accounts. In this case, the attackers typically mount attacks on “dozens to hundreds of accounts” within each targeted organization, Microsoft said, and have been seen trying thousands of credential combinations against each account.

So far, the campaign has targeted about 250 specific organizations that use Microsoft’s cloud-based Office suite, with fewer than 20 of them suffering compromise, according to the company. However, “DEV-0343 continues to evolve their techniques to refine its attacks,” the computing giant warned.

The attacks for now are being carried out using an emulated Firefox or Chrome browser, and rotating IP addresses hosted on a Tor proxy network, according to the analysis. On average, each attack uses…
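One way a defender can surface the pattern described above, as an added example that is not from the article or Microsoft's alert: because the source IPs rotate, per-IP failure counts stay low, so the check groups failed sign-ins by time window and counts distinct accounts and distinct source IPs instead. The event tuple layout, thresholds, function names and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them to your own baseline.
WINDOW = timedelta(hours=1)
MIN_ACCOUNTS = 12    # failures spread over "dozens" of accounts
MIN_SOURCE_IPS = 10  # rotating proxy exits: many IPs, few attempts each

def detect_spray(events):
    """events: (iso_time, user, src_ip, ok) tuples (hypothetical layout).
    Returns one finding per window whose failures fan out over accounts and IPs."""
    evs = sorted((datetime.fromisoformat(t), u, ip, ok) for t, u, ip, ok in events)
    findings, i = [], 0
    while i < len(evs):
        start = evs[i][0]
        window = [e for e in evs[i:] if e[0] - start < WINDOW]
        failed_users = {u for _, u, _, ok in window if not ok}
        failed_ips = {ip for _, _, ip, ok in window if not ok}
        if len(failed_users) >= MIN_ACCOUNTS and len(failed_ips) >= MIN_SOURCE_IPS:
            # A successful sign-in to a sprayed account in the same window
            # may be a guessed password and should be reviewed first.
            review = sorted({u for _, u, _, ok in window if ok and u in failed_users})
            findings.append({"start": start, "accounts": len(failed_users),
                             "source_ips": len(failed_ips), "review": review})
            i += len(window)  # continue after the flagged window
        else:
            i += 1
    return findings

def max_failures_per_ip(events):
    """What a per-IP threshold would see: the busiest single source address."""
    counts = Counter(ip for _, _, ip, ok in events if not ok)
    return max(counts.values(), default=0)

def spray_sample():
    """Constructed events: 15 accounts, each failing once from a different IP."""
    base = datetime(2021, 10, 1, 3, 0)
    evs = [((base + timedelta(minutes=2 * n)).isoformat(),
            f"user{n:02d}@example.com", f"198.51.100.{n + 1}", False)
           for n in range(15)]
    evs.append(((base + timedelta(minutes=40)).isoformat(),
                "user03@example.com", "203.0.113.9", True))
    return evs

def benign_sample():
    """Constructed events: one user mistypes a password twice, then signs in."""
    return [("2021-10-01T09:00:00", "alice@example.com", "192.0.2.10", False),
            ("2021-10-01T09:00:20", "alice@example.com", "192.0.2.10", False),
            ("2021-10-01T09:00:45", "alice@example.com", "192.0.2.10", True)]
```

On the constructed spray data no single address fails more than once, so a per-IP lockout never fires, while the window view shows 15 accounts hit from 15 addresses and one account to review.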
Office 365 Spy Campaign Targets US Military Defense (posted by govanguard, 2021-10-12 13:46:00)