A recent password-spraying campaign, suspected to be carried out by an Iran-linked threat actor, has targeted over 300 Microsoft 365 organizations in Israel and the United Arab Emirates.
The campaign, which is believed to be ongoing, consists of three distinct attack waves that took place on March 3, March 13, and March 23, 2026, according to Check Point.
The attacks are thought to be linked to the ongoing conflict in the Middle East, with the threat actors attempting to gain unauthorized access to sensitive information and disrupt business operations.
Microsoft 365 users are advised to remain vigilant and take necessary precautions to protect their accounts, including using strong passwords and enabling multi-factor authentication.
The password-spraying campaign highlights the increasing threat of cyberattacks in the region and the importance of robust cybersecurity measures to prevent such attacks.
As the situation continues to unfold, organizations must prioritize their cybersecurity and stay informed about potential threats to ensure the security and integrity of their data.
Source: Original Article
