An Iran-linked threat actor has been identified as the suspected perpetrator behind a large-scale password-spraying campaign targeting over 300 Microsoft 365 organizations in Israel and the United Arab Emirates.

The campaign, which is believed to be ongoing, has been carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, according to reports from Check Point.

The primary goal of the campaign appears to be gaining unauthorized access to sensitive data and systems, potentially to disrupt or exploit the targeted organizations.

Password spraying, which involves attempting to log in to multiple accounts using commonly used passwords, highlights the importance of implementing robust password policies and multi-factor authentication to prevent such attacks.
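For defenders, the pattern described above (one source failing against many accounts, with only a few tries per account) can be detected in sign-in logs. The following is an added example, not code from the article or from Check Point; the event layout, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, outcome).
# This tuple layout is an assumption, not a real Microsoft 365 log schema.
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_EVENTS = (
    # One source, one failed try against each of six accounts, then a success.
    [(f"2026-01-01T08:0{i}:00", "203.0.113.10", f"{u}@example.test", "failure")
     for i, u in enumerate(USERS)]
    + [("2026-01-01T08:07:00", "203.0.113.10", "dave@example.test", "success")]
    # One source hammering a single account: brute force or a forgotten password.
    + [(f"2026-01-01T09:0{i}:00", "198.51.100.7", "alice@example.test", "failure")
       for i in range(6)]
    # Two stray failures: below the account threshold.
    + [("2026-01-01T09:30:00", "192.0.2.44", "bob@example.test", "failure"),
       ("2026-01-01T09:31:00", "192.0.2.44", "carol@example.test", "failure")]
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Map source IP -> sorted accounts it sprayed (many accounts, few tries each)."""
    failures = defaultdict(list)
    for ts, ip, account, outcome in events:
        if outcome == "failure":
            failures[ip].append((datetime.fromisoformat(ts), account))
    flagged = defaultdict(set)
    for ip, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:  # slide window forward
                start += 1
            tries = defaultdict(int)
            for _, account in rows[start:end + 1]:
                tries[account] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                flagged[ip].update(tries)
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}

def successes_from_flagged(events, flagged):
    """Successful sign-ins from a flagged source: accounts to investigate first."""
    return sorted({(ip, account) for _, ip, account, outcome in events
                   if outcome == "success" and ip in flagged})

if __name__ == "__main__":
    hits = detect_spray(SAMPLE_EVENTS)
    print(hits)
    print(successes_from_flagged(SAMPLE_EVENTS, hits))
```

This covers the single-source case only; a spray distributed across many source addresses needs the same count keyed on something other than IP, which this sketch does not attempt.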

As tensions in the Middle East continue to escalate, the cybersecurity community is on high alert for potential nation-state-sponsored attacks, and this campaign serves as a reminder of the ongoing threats faced by organizations in the region.

With the threat landscape evolving rapidly, it is essential for organizations to stay vigilant and proactive in their cybersecurity measures to prevent and respond to such attacks effectively.
