Iran-linked hackers targeted US and Israeli defence firms, Microsoft says

Hacking 'likely supports the national interests of the Islamic Republic of Iran', tech giant says
The hackers tried guessing passwords at roughly 250 organisations, but managed to breach "less than 20", Microsoft said (AFP)

Iran-linked hackers targeted and at times compromised systems of US and Israeli defence technology companies, Microsoft said on Monday.

In a blog post, Microsoft's Threat Intelligence Center and Digital Security Unit reported that hackers targeted dozens of defence technology and maritime transportation firms, successfully breaching a small number, in a spying campaign launched in July that could leave some of the companies vulnerable to follow-on hacking attempts.

The company did not attribute the activity directly to an Iranian government organisation but said the hacking "supports the national interests" of Iran based on a number of factors, including hacking techniques associated with another Iranian group.

"Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program," the researchers at Microsoft said.

John Lambert, head of Microsoft Threat Intelligence Center, told CNN that the tech giant discovered the hacking activity when responding to a breach of a US financial services firm this summer.

The hackers tried guessing passwords at roughly 250 organisations, but managed to breach "less than 20", Microsoft said.

According to Lambert, the hackers could use stolen login information to break into the internal networks of targeted organisations. The goal of releasing information on the intrusions now is to help organisations prepare for follow-on breach attempts, he said.

The latest attempt showcases how Iran is also focusing on sensitive data in the maritime sector. Last year, another Iranian group stole information on the military unit of a US Navy member, according to IBM.

The maritime sector has long been of interest to Iran's intelligence services and the country sits on the Strait of Hormuz, through which about a fifth of the world's oil shipments pass.

Iran and its arch-rival Israel are engaged in a shadow maritime conflict, with ships often coming under attack in the Mediterranean and Arabian Gulf.

Last summer, a drone struck the Israeli-linked Mercer Street cargo ship off the coast of Oman, while an Israeli commando force has targeted Iranian vessels carrying sanctioned fuel to Syria.

"Given Iran's past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors," the Washington State-based technology provider said.

While this activity appears concentrated on Persian Gulf ports, US maritime authorities have also had to raise their network defences in response to threats.

Unidentified hackers in August breached a computer network at the Port of Houston, US officials have stated.

Early detection of the incident meant the intruders were not in a position to disrupt shipping operations, according to a coastguard analysis of the incident obtained by CNN.

"The shipping lanes are the highways of the sea," Lambert said. "And anything related to that is going to be in the crosshairs and subject to geopolitical dynamics."
