IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Iranian hackers ramp up attacks against IT services sector

Microsoft security researchers warn hacking is part of broader cyber espionage effort

Iranian hackers are targeting companies in the IT services sector in a bid to steal credentials belonging to downstream customer networks to enable further attacks.

Security researchers at the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Digital Security Unit (DSU) said this new campaign is part of a broader spying objective to compromise organizations of interest to the Iranian regime.

Researchers said they had already sent  more than 1,600 notifications to over 40 IT companies in response to Iranian targeting, compared to 48 notifications in 2020.

To date, most attacks have been focused on Indian IT services firms, which are used a lot by companies in the US. Some targets were also based in Israel and the United Arab Emirates.

Two hacking groups, tracked by Microsoft as DEV-0228 and DEV-0056. The former compromised a single Israel-based IT company that provides business management software in July 2021.

“Based on MSTIC’s assessment, DEV-0228 used access to that IT company to extend their attacks and compromise downstream customers in the defense, energy, and legal sectors in Israel,” said researchers.

This group dumped credentials from the on-premises network of an IT provider based in Israel in early July.

“Over the next two months, the group compromised at least a dozen other organizations, several of which have strong public relations with the compromised IT company,” they said.

Related Resource

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

2021 state of email security report: Ransomware on the rise - whitepaper from MimecastFree download

In September, researchers observed a separate Iranian group, DEV-0056, compromising email accounts at a Bahrain-based IT integration company that works on IT integration with Bahrain Government clients, who were likely DEV-0056's ultimate target.

“DEV-0056 also compromised various accounts at a partially government-owned organization in the Middle East that provide information and communications technology to the defense and transportation sectors, which are targets of interest to the Iranian regime. DEV-0056 maintained persistence at the IT integration organization through at least October,” added researchers.

This follows a warning from the US Cybersecurity and Infrastructure Security Agency  (CISA) that Iranian government-sponsored APT actors are “actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the transportation sector and the Healthcare and public health sector, as well as Australian organizations.”

"FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors. These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion,” it added.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022
What is phishing?
phishing

What is phishing?

29 Apr 2022

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022