Microsoft announced Monday a group of Iranian hackers were "password spraying" or password-guessing against Office 365 accounts tied to defense companies.
Microsoft wrote in their blog, the hackers, who they believe are operating out of Iran, are targeting "defense companies that support United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems."
The software conglomerate added, 250 Office 365 "tenants" have been targeted. And more notably, these tenants can encompass an entire defense organization's resources — such as employee's user accounts.
But Microsoft added, "less than 20 of the targeted tenants were successfully compromised."
The designation Microsoft is giving to this "activity" is what is being referred to as DEV-0343, which denotes the suspected Iranian group associated with the activity.
"Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans," according to Microsoft. "Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program."
Due to the hacking attacks, Microsoft is warning customers to keep their eyes open for any suspicious activity. The hacking strategy used by the attackers, known as "password-spraying," involves learning a user's email then typing in several different passwords over the course of hours or days.
"They typically target dozens to hundreds of accounts within an organization, depending on the size, and enumerate each account from dozens to thousands of times," Microsoft stated. "On average, between 150 and 1,000+ unique Tor proxy IP addresses are used in attacks against each organization."
Microsoft is urging its customers to utilize two-factor authentication to combat the attacks.
© 2025 Newsmax. All rights reserved.