Iran-linked hackers targeted US and Israeli defence firms, Microsoft says
Iran-linked hackers targeted and at times compromised systems of US and Israeli defence technology companies, Microsoft said on Monday.
In a blog post, Microsoft's Threat Intelligence Center and Digital Security Unit reported that hackers targeted dozens of defence technology and maritime transportation firms, successfully breaching a small number, in a spying campaign launched in July that could leave some of the companies vulnerable to follow-on hacking attempts.
The company did not attribute the activity directly to an Iranian government organisation but said the hacking "supports the national interests" of Iran based on a number of factors, including hacking techniques associated with another Iranian group.
"Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program," the researchers at Microsoft said.
John Lambert, head of Microsoft Threat Intelligence Center, told CNN that the tech giant discovered the hacking activity when responding to a breach of a US financial services firm this summer.
The hackers tried guessing passwords at roughly 250 organisations, but managed to breach "less than 20", Microsoft said.
According to Lambert, the hackers could use stolen login information to break into the internal networks of targeted organisations. The goal of releasing information on the intrusions now is to help organisations prepare for follow-on breach attempts, he said.
The latest attempt showcases how Iran is also focusing on sensitive data in the maritime sector. Last year, another Iranian group stole information on the military unit of a US Navy member, according to IBM.
The maritime sector has long been of interest to Iran's intelligence services and the country sits on the Strait of Hormuz, through which about a fifth of the world's oil shipments pass.
Iran and its arch-rival Israel are engaged in a shadow maritime conflict, with ships often coming under attack in the Mediterranean and Arabian Gulf.
Last summer, a drone struck the Israeli-linked Mercer Street cargo ship off the coast of Oman, while an Israeli commando force has targeted Iranian vessels carrying sanctioned fuel to Syria.
"Given Iran's past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors," the Washington State-based technology provider said.
While this activity appears concentrated on Persian Gulf ports, US maritime authorities have also had to raise their network defences in response to threats.
Unidentified hackers in August breached a computer network at the Port of Houston, US officials have stated.
Early detection of the incident meant the intruders were not in a position to disrupt shipping operations, according to a coastguard analysis of the incident obtained by CNN.
"The shipping lanes are the highways of the sea," Lambert said. "And anything related to that is going to be in the crosshairs and subject to geopolitical dynamics."