""The campaign is primarily focused on Israel and the U.A.E., impacting more than 300 organizations in Israel and over 25 in the U.A.E.," the Israeli cybersecurity company said."
""Password spraying is a form of brute-force attack where a threat actor attempts to use a single common password against multiple usernames on the same application.""
""Analysis of M365 logs suggests similarities to Gray Sandstorm, including the use of red-team tools to conduct these attacks via Tor exit nodes.""
""The threat actor used commercial VPN nodes hosted at AS35758 (Rachamim Aviel Twito), which aligns with recent activity tied to Iran-nexus operations in the Middle East.""
A password-spraying campaign attributed to an Iran-nexus threat actor is targeting Microsoft 365 environments in Israel and the U.A.E. The campaign has impacted over 300 organizations in Israel and more than 25 in the U.A.E. It has unfolded in three waves, with activities observed on March 3, March 13, and March 23, 2026. The campaign targets various sectors, including government, technology, and energy. The technique used is known for its effectiveness in discovering weak credentials without triggering defenses.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]