Microsoft Corp. (MSFT) has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks.
The Microsoft Threat Intelligence Center (MSTIC) and Digital Security Unit (DSU) assess this as part of a broader spying objective to compromise organizations of interest to the Iranian regime.
As India and other nations rise as major IT services hubs, more nation-state actors follow the supply chain to target these providers’ public and private sector customers worldwide, matching nation-state interests.
Microsoft has issued over 1,600 notifications to over 40 IT companies in response to Iranian targeting, compared to 48 in 2020.
The focus of several Iranian threat groups on the IT sector notably spiked in the last six months.
Most of the targeting focuses on IT services companies based in India and several companies based in Israel and the United Arab Emirates.
The U.S. government, and counterparts in Australia and the U.K., warned that Iran-backed attackers have been exploiting Fortinet Inc (FTNT) vulnerabilities since at least March and a Microsoft Exchange ProxyShell vulnerability since October, TechCrunch reported.
The attackers aimed to gain access to U.S. critical infrastructure organizations in the transport and public health sectors and organizations in Australia for follow-on operations like data exfiltration, extortion, and ransomware deployment.
MSFT shares closed higher by 0.54 percent at $343.11 on Thursday.
By Anusuya Lahiri
© 2021 The Epoch Times. The Epoch Times does not provide investment advice. All rights reserved.