Microsoft has released a new report on findings linked to the new DEV-0343 activity cluster, which the company has tracked since late July of this year. Microsoft has allegedly observed the group conducting extensive password spraying against more than 250 Office 365 tenants, focusing specifically on US and Israeli defense technology companies, global maritime transportation companies located in the Middle East, and Persian Gulf ports of entry. Microsoft stated that fewer than 20 of the group’s targets were successfully infiltrated; however, the threat group is continuously shifting its techniques and refining its attack methods. It is important to note that Microsoft stated that Office 365 accounts with multifactor authentication are resilient against password sprays.
The activity cluster is currently named DEV-0343 and will be renamed when Microsoft can reach high confidence about the origin or identity of the actor behind the operation. Microsoft has notified customers who have been targeted or compromised. DEV-0343 has targeted defense companies that support US, Israeli, and European Union efforts, such as organizations working on the development of military-grade radars, drone technology, satellite systems, and emergency response communication systems. Microsoft stated that this activity likely supports the national interests of the Islamic Republic of Iran, citing a series of factors such as the alignment of techniques and targets with another threat actor originating in Iran. Microsoft has warned companies in the shipping and maritime sectors to be vigilant and aware of the risks posed by DEV-0343.
Read the Report Here: Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors