A newly discovered password-spraying campaign has been attributed to an Iran-linked threat actor, targeting over 300 Microsoft 365 organizations in Israel and the United Arab Emirates.
The campaign, which is believed to be ongoing, has been carried out in three distinct waves, with the first wave occurring on March 3, 2026, followed by subsequent waves on March 13 and March 23, 2026, according to research by Check Point.
The primary goal of the campaign appears to be gaining unauthorized access to Microsoft 365 environments, potentially to steal sensitive information or disrupt operations.
The password-spraying attacks come amid heightened tensions in the Middle East, and the targeting of Israeli and U.A.E. organizations suggests a potential geopolitical motivation behind the campaign.
While the specific vulnerabilities exploited in the campaign have not been disclosed, the use of password-spraying tactics suggests that the attackers are attempting to take advantage of weak passwords or poor security practices among the targeted organizations.
As the campaign is believed to be ongoing, organizations in the region are advised to remain vigilant and take steps to strengthen their security posture, including implementing robust password policies and multi-factor authentication.
Source: Original Article
