Tue. Sep 26th, 2023
Iranian State-Backed Hackers Target Satellite, Defence, and Pharmaceutical Companies

Microsoft analysts have reported that Iranian state-backed hackers have been actively targeting satellite, defence, and pharmaceutical companies worldwide. Their objective is to gather intelligence and potentially bolster domestic production in these industries, especially in the midst of heavy US sanctions on Iran. These hackers have been successful in breaching multiple organizations since February, employing a simple hacking technique that showcases the determination of Tehran’s hacking teams.

The US sanctions have severely limited Iran’s access to military hardware and discouraged Western companies from supplying medical resources to the country. This has forced Iran to explore alternative methods of acquiring trade secrets held by foreign firms. While the exact reasons for targeting satellite, defence, and pharmaceutical companies remain unknown, the increased incentive created by the sanctions suggests that Iran is seeking valuable intelligence in these areas.

According to Microsoft analysts, the hackers have been gaining unauthorized access to email accounts by systematically trying a small set of common passwords against large numbers of accounts until one of them works. Some incidents involved stealing data from victim networks, while others involved covertly monitoring email accounts. The simplicity and effectiveness of this technique have allowed the hackers to operate unnoticed.
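The technique described above (a few common passwords tried across many accounts, usually called password spraying) has a recognizable signature in authentication logs: one source address failing against many distinct users with only one or two attempts each, followed by an occasional success. The script below is an added detection example written for this article and is not code from Microsoft or from the reporting; the log format, the source addresses and usernames, and the thresholds (at least 5 distinct failed accounts, no more than 2 attempts per account) are constructed assumptions that a defender would tune to their own sign-in telemetry.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log lines (not from the article): one source spraying a
# shared password across many accounts, plus ordinary user sign-in traffic.
SAMPLE_LOG = """\
2023-09-20T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2023-09-20T10:00:02Z src=203.0.113.5 user=bob result=FAIL
2023-09-20T10:00:03Z src=203.0.113.5 user=carol result=FAIL
2023-09-20T10:00:04Z src=203.0.113.5 user=dave result=FAIL
2023-09-20T10:00:05Z src=203.0.113.5 user=erin result=FAIL
2023-09-20T10:00:06Z src=203.0.113.5 user=frank result=FAIL
2023-09-20T10:00:07Z src=203.0.113.5 user=grace result=SUCCESS
2023-09-20T10:01:00Z src=198.51.100.7 user=alice result=FAIL
2023-09-20T10:01:05Z src=198.51.100.7 user=alice result=FAIL
2023-09-20T10:01:09Z src=198.51.100.7 user=alice result=SUCCESS
2023-09-20T10:02:00Z src=192.0.2.9 user=heidi result=SUCCESS
"""

# Assumed key=value line format; real sign-in logs (e.g. Entra ID) need their own parser.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS)$"
)


def parse_log(text):
    """Parse the constructed log lines into event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


@dataclass
class SourceStats:
    failures: int = 0
    failed_users: set = field(default_factory=set)
    successes: list = field(default_factory=list)  # accounts that signed in from this source


def summarize_by_source(events):
    """Aggregate failures, distinct failed accounts and successes per source address."""
    stats = defaultdict(SourceStats)
    for ev in events:
        s = stats[ev["src"]]
        if ev["result"] == "FAIL":
            s.failures += 1
            s.failed_users.add(ev["user"])
        else:
            s.successes.append(ev["user"])
    return stats


def find_spray_sources(events, min_distinct_users=5, max_attempts_per_user=2.0):
    """Return {src: finding} for sources whose failures are spread thinly over many accounts.

    A spray is 'wide and shallow': many distinct users, few attempts each.  A single
    user with many failures (classic brute force or a forgotten password) is not flagged.
    """
    findings = {}
    for src, s in summarize_by_source(events).items():
        distinct = len(s.failed_users)
        if distinct < min_distinct_users:
            continue
        per_user = s.failures / distinct
        if per_user > max_attempts_per_user:
            continue
        findings[src] = {
            "distinct_failed_users": distinct,
            "failures": s.failures,
            "attempts_per_user": per_user,
            # Any account that accepted a login from the spraying source is the
            # first thing to triage: reset it and review its mailbox activity.
            "possibly_compromised": sorted(set(s.successes)),
        }
    return findings


if __name__ == "__main__":
    for src, finding in find_spray_sources(parse_log(SAMPLE_LOG)).items():
        print(src, finding)
```

The per-account attempt ratio is what separates a spray from a lockout-triggering brute force; sprays are designed to stay under per-account lockout thresholds, so an alert keyed only on failures per account never fires. Counting distinct accounts per source (and, in a real deployment, per ASN or per hour window) is the complementary view.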

Iran has a history of denying allegations of hacking, and the government has yet to respond to these specific allegations. Microsoft has chosen not to disclose the names of the targeted companies in the US, and the US National Security Agency has not commented on the matter either.

In a separate incident, it was revealed that China-backed hackers managed to steal a digital consumer key from Microsoft, granting them unrestricted access to US government emails. The attackers exploited this access to conduct one of the largest heists in corporate and government circles. The threat actor known as Storm-0558 used the acquired key to forge authentication tokens, providing access to OWA (Outlook Web App) and Outlook.com.

These incidents highlight the ongoing challenges and threats posed by state-sponsored hacking groups, with both Iran and China actively targeting sensitive industries and government entities.