Iranian state-sponsored threat groups are increasingly attacking the IT services sector this year in an effort to exfiltrate sign-in credentials that could be leveraged in compromising downstream customer networks' systems, BleepingComputer
Microsoft Threat Intelligence Center and Digital Security Unit analysts noted that Iran-based actor hacking attempt notifications sent to IT companies have totaled 1,647 so far this year, compared with only 48 for the entirety of 2020. Indian IT services firms were mostly the recipients of the notifications, but attacks were also observed to target firms in the United Arab Emirates and Israel. Iranian hacking groups
DEV-0227 and DEV-0056 were also discovered to have launched successful attacks against an Israel-based IT firm in July and an IT integration company in Bahrain in September, respectively.
The report comes after a joint warning from U.S., U.K. and Australian cybersecurity agencies regarding Iranian hackers' exploitation of Microsoft Exchange ProxyShell and Fortinet security flaws, as well as an MSTIC report detailing ransomware attacks by six Iranian hacking groups since September 2020.