An email asks the victim to open a link to confirm the delivery details. It leads to a fake courier page where the user only has to enter the password.
Microsoft: Iran DEV-0343 targets US and Israeli technology companies. The threat actors conducted extensive password spraying against more than 250 Office 365 tenants, including GIS and Persian Gulf ports.
US and Israeli defense technology companies are under an intense wave of cyberattacks by an unidentified Iranian-linked group, dubbed DEV-0343. It was discovered by cybersecurity experts at the Microsoft Threat Intelligence Center (MSTIC). The campaign was first observed, and tracking began, in late July 2021, and it has been carried out with extensive password spraying against more than 250 Office 365 tenants. In particular, the threat actors target defense companies that support United States, European Union, and Israeli government partners producing military radars, drone technology, satellite systems, and emergency response communication systems. Further activity has targeted customers in geographic information systems (GIS), spatial analytics, regional ports of entry in the Persian Gulf, and several maritime and cargo transportation companies with a focus on the Middle East. This activity likely supports the national interests of Tehran. Moreover, DEV-0343 uses an elaborate series of Tor IP addresses to obfuscate its operational infrastructure.