Close Menu
    What's Hot

    3 Questions: Neural transparency and the future of AI design | MIT News

    OpenAI’s first device could be a screenless smart speaker. It has plenty of competition

    Russia Targets Critical Ukrainian Infrastructure in the Black Sea

    Facebook X (Twitter) Instagram
    Trending
    • 3 Questions: Neural transparency and the future of AI design | MIT News
    • OpenAI’s first device could be a screenless smart speaker. It has plenty of competition
    • Russia Targets Critical Ukrainian Infrastructure in the Black Sea
    • A British diplomat with a diplomatic answer – Live Updates
    • U.S. Military Forces Again Blockade Iranian Ports
    • U.S. and Iran Trade Strikes With No Sign of Backing Down
    • Gathering of Latino-American politicians shows little love for Argentina – Live Updates
    • Billboard in Iran’s Capital Depicts Trump in a Coffin
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

    adminBy adminApril 6, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

    An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East.

    The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check Point.

    “The campaign is primarily focused on Israel and the U.A.E., impacting more than 300 organizations in Israel and over 25 in the U.A.E.,” the Israeli cybersecurity company said. “Activity associated with the same actor was also observed against a limited number of targets in Europe, the United States, the United Kingdom, and Saudi Arabia.”

    The campaign is assessed to have targeted the cloud environments of government entities, municipalities, technology, transportation, energy sector organizations, and private-sector companies in the region.

    Password spraying is a form of brute-force attack where a threat actor attempts to use a single common password against multiple usernames on the same application. It’s also considered a more effective way to discover weak credentials at scale without triggering rate-limiting defenses.

    Cybersecurity

    Check Point said the technique is known to be adopted by Iranian hacking groups like Peach Sandstorm and Gray Sandstorm (formerly DEV-0343) in the past to infiltrate target networks.

    The campaign essentially unfolds over three phases: aggressive scanning or password-spraying conducted from Tor exit nodes, followed by conducting the login process, and exfiltrating sensitive data, such as mailbox content. 

    “Analysis of M365 logs suggests similarities to Gray Sandstorm, including the use of red-team tools to conduct these attacks via Tor exit nodes,” Check Point said. “The threat actor used commercial VPN nodes hosted at AS35758 (Rachamim Aviel Twito), which aligns with recent activity tied to Iran-nexus operations in the Middle East.”

    To counter the threat, organizations are advised to monitor sign-in logs for signs of password spraying, apply conditional access controls to limit authentication to approved geographic locations, enforce multi-factor authentication (MFA) for all users, and enable audit logs for post-compromise investigation.

    Iran Revives Pay2Key Operations

    The disclosure comes as a U.S. healthcare organization was targeted in late February 2026 by Pay2Key, an Iranian ransomware gang with ties to the country’s government. The ransomware-as-a-service (RaaS) operation, which has ties to the Fox Kitten group, first emerged in 2020.

    The variant deployed in the attack is an upgrade from prior campaigns observed in July 2025, using improved evasion, execution, and anti-forensics techniques to achieve its goals. According to Beazley Security and Halcyon, no data was exfiltrated during the attack, a shift from the group’s double extortion playbook. 

    The attack is said to have leveraged an undetermined access route to breach the organization, using a legitimate remote access tool like TeamViewer to establish a foothold, then harvest credentials for lateral movement, disarm Microsoft Defender Antivirus by falsely signaling that a third-party antivirus product is active, inhibit recovery, deploy ransomware, drop a ransom note, and clear logs to cover up the tracks.

    “By clearing logs at the end of execution rather than the beginning, the actors ensure that even the ransomware’s own activity is wiped, not just whatever preceded it,” Halcyon said.

    Among the key changes the group enacted following its return last year was offering affiliates an 80% cut of ransom proceeds, up from 70%, for participating in attacks targeting Iran’s enemies. A month later, a Linux variant of the Pay2Key ransomware was detected in the wild.

    Cybersecurity

    “The sample is configuration-driven, requires root-level privileges to execute, and is engineered to traverse broad file system scope, classify mounts, and encrypt data using ChaCha20 in full or partial modes,” Morphisec researcher Ilia Kulmin said in a report published last month.

    “Before encryption, it weakens defenses and removes friction by stopping services, killing processes, disabling SELinux and AppArmor, and installing a reboot-time cron entry. This lets the encryptor run faster and survive restarts.”

    In March 2026, Halcyon also revealed that the administrator of Sicarii ransomware, Uke, urged pro-Iranian operators to use Baqiyat 313 Locker (aka BQTlock) due to the influx of affiliate requests. BQTLock, which operates with pro-Palestinian motives, has targeted the U.A.E., the U.S., and Israel since July 2025.

    “Iran has a long track record of using cyber operations to retaliate against perceived political slights,” the cybersecurity company said. “Ransomware is increasingly incorporated into these operations, with ransomware campaigns that blur the line between criminal extortion and state-sponsored sabotage.”

    campaign Iranlinked Israeli Microsoft Organizations PasswordSpraying targets
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous Article‘Historic day’: Artemis astronauts break space distance record
    Next Article Gozney Dome Gen 2 Review: The Ultimate Backyard Flex
    admin
    • Website

    Related Posts

    Russia Targets Critical Ukrainian Infrastructure in the Black Sea

    July 15, 2026

    TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

    July 15, 2026

    OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

    July 15, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    3 Questions: Neural transparency and the future of AI design | MIT News

    OpenAI’s first device could be a screenless smart speaker. It has plenty of competition

    Russia Targets Critical Ukrainian Infrastructure in the Black Sea

    A British diplomat with a diplomatic answer – Live Updates

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by