Microsoft analysts have revealed that Iranian state-backed hackers have been targeting satellite, defence, and pharmaceutical companies worldwide. The objective of these cyber attacks is to gather intelligence and possibly develop domestic production in these industries due to heavy US sanctions imposed on Iran.
Since February, the hackers have successfully breached several organizations using a simple hacking technique, indicating the determination of Tehran’s hacking teams. The US sanctions have limited Iran’s access to military equipment and discouraged Western companies from providing medical supplies to the country. As a result, Iran has resorted to seeking trade secrets from foreign firms.
The industries targeted by the hackers are those in which Iran may struggle to acquire necessary resources due to the sanctions. While the exact reason for targeting these specific industries is unknown, the increased incentive created by the sanctions suggests that Iran is seeking valuable intelligence.
The hackers have been infiltrating email accounts by guessing common passwords in bulk until one of them works. They have stolen data from victim networks and monitored email accounts unnoticed. The simplicity and effectiveness of this technique have allowed the hackers to continue their activities undetected.
Iran has a history of denying hacking allegations, and the government has not responded to these specific claims. Microsoft has not disclosed the names of the targeted companies in the US, and the US National Security Agency has not made any comments regarding the matter.
In a separate incident, China-backed hackers used a stolen Microsoft consumer signing key to gain unrestricted access to US government emails. The cyber criminals were able to forge tokens using the acquired key, granting them access to OWA and Outlook.com. This incident is considered one of the largest heists in corporate and government circles.