San Francisco: Microsoft analysts have said that Iranian state-backed hackers targeted satellite, defence, and pharmaceutical companies around the world in order to gather intelligence and perhaps build up domestic production in these industries amid heavy US sanctions.
Since February, the hackers have successfully breached several organisations by applying a simple hacking technique, indicating the high level of determination from Tehran’s hacking teams, according to Microsoft.
The heavy sanctions imposed by the US on Iran have limited its access to military hardware and discouraged Western companies from sending medical supplies to the country. As a result, Iran has been compelled to look for trade secrets held by foreign firms, reports CNN.
The industries targeted by the hackers are those in which they might need to build domestic production due to difficulties in acquiring necessary resources as a result of the sanctions.
Although the exact reason for targeting satellite, defence, and pharmaceutical companies is unknown, the increased incentive created by the sanctions suggests that Iran is seeking valuable intelligence.
According to Microsoft analysts, the hackers have been breaking into email accounts by guessing common passwords in bulk until one of them works.
In some instances, intruders stole data from victim networks, while in others they monitored email accounts unnoticed. The hackers have been able to continue their operations without being detected due to the simplicity and effectiveness of this technique.
Iran has a history of denying allegations of hacking, and the government has yet to respond to this one, the report said.
Microsoft has not disclosed which companies in the US were targeted, and the US National Security Agency has not commented on the matter, according to the report.
Meanwhile, China-backed hackers stole a digital consumer key from Microsoft to gain unfettered access to US government emails, and the tech giant has detailed how the cyber criminals pulled off one of the biggest heists in corporate and government circles.
The China-based threat actor Storm-0558 used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA (Outlook Web App) and Outlook.com.