![microsoft office for military microsoft office for military](https://www.lifewire.com/thmb/anI-DZmCFKqmKJu-5KZXpdMM7rY=/1008x392/filters:no_upscale():max_bytes(150000):strip_icc()/MSStoremilitarydiscount-afbb8a06493e46dcbe9d89e93e124e16.jpg)
- #MICROSOFT OFFICE FOR MILITARY HOW TO#
- #MICROSOFT OFFICE FOR MILITARY PASSWORD#
- #MICROSOFT OFFICE FOR MILITARY SERIES#
#MICROSOFT OFFICE FOR MILITARY HOW TO#
How to Protect Against Office 365 Takeovers local Iran time, with Microsoft observing peak password-spray activity between 7:30 a.m. “Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans…Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program.”Īlso, the group is most active between Sunday and Thursday between 7:30 a.m. “This activity likely supports the national interests of the Islamic Republic of Iran based on pattern-of-life analysis, extensive crossover in geographic and sectoral targeting with Iranian actors, and alignment of techniques and targets with another actor originating in Iran,” the company noted. That dovetails with Iran’s past attacks against shipping and maritime targets and overall goals, according to Microsoft. For instance, the attacks have specifically gone after companies that make military-grade radars, drone technology, satellite systems, emergency response communication systems, geographic information systems (GIS) and spatial analytics, Microsoft said, along with the ports and transportation companies. Once more is known about the attackers, Microsoft will give it a permanent name.įor now though, there’s evidence that points to the threat actors being Iranian, it said.
![microsoft office for military microsoft office for military](https://i.pinimg.com/474x/bd/ad/05/bdad055959cfa232435cbfc9b41b641c.jpg)
The group’s “DEV”-based name is just Microsoft’s temporary designation standing for a cluster of developing activity. “This allows DEV-0343 to validate active accounts and passwords, and further refine their password-spray activity.” Alleged Links to Iran “The operators typically target two Exchange endpoints – Autodiscover and ActiveSync – as a feature of the enumeration/password spray tool they use,” according to Microsoft. Use of Autodiscover to validate accounts and passwords.Use of enumeration/password spray tool similar to the “o365spray” tool.Enumeration of Exchange ActiveSync (most common) or Autodiscover endpoints.
#MICROSOFT OFFICE FOR MILITARY PASSWORD#
![microsoft office for military microsoft office for military](https://1gew6o3qn6vx9kp3s42ge0y1-wpengine.netdna-ssl.com/wp-content/uploads/prod/sites/5/2018/10/Soldier-Laptop.jpg)
So far, the campaign has targeted about 250 specific organizations that use Microsoft’s cloud-based Office suite, with less than 20 of them suffering compromise, according to the company. In this case, the attackers typically mount attacks on “dozens to hundreds of accounts” within each targeted organization, Microsoft said, and have been seen trying thousands of credential combinations against each account.
#MICROSOFT OFFICE FOR MILITARY SERIES#
Password-spraying is the process of trying a list of user names and a series of different passwords against online accounts in hopes of finding a match and gaining access to password-protected accounts. It stated cyberattackers are “conducting extensive password spraying” against Office 365 accounts. Microsoft, which began tracking the activity in late July 2021, detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran. The threat actor’s goal is Microsoft Office 365 account takeovers. and Israeli defense technology companies, Persian Gulf ports of entry and global maritime transportation companies with ties to the Middle East. A new threat actor, dubbed DEV-0343, has been spotted attacking U.S.