Iran-Linked Hackers Launch Password Spray Campaign Against Microsoft 365 Tenants in Middle East

An Iran-linked threat actor has launched a password spray campaign targeting Microsoft 365 tenants in the Middle East, primarily focusing on Israel and the UAE. The attackers exploit weak passwords and exposed cloud accounts to gain access to sensitive data and tools, bypassing traditional malware defenses. The campaign involved multiple waves and utilized techniques like Tor exit nodes and commercial VPNs to obscure their origin and activity.