Iran-linked threat actors, including Gray Sandstorm and Peach Sandstorm, conducted coordinated password-spraying attacks against over 300 organizations in Israel and 25+ in the UAE across three waves in March. Attackers targeted Microsoft 365 accounts using Tor exit nodes masquerading as IE10, then authenticated via Israeli-geolocated VPN IPs to bypass geographic restrictions. Check Point Research notes a correlation between targeted municipalities and cities hit by Iranian missile strikes, suggesting the campaign may have supported bomb-damage assessment (BDA) efforts. Separately, Iran-linked group Handala Hack claimed to have breached FBI Director Kash Patel's personal email.

3m read time. From go.theregister.com
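The pattern summarized above (failed sign-ins sprayed across many accounts from one source presenting an IE10 user agent, then a successful sign-in from a different IP) can be hunted in sign-in logs. The following is an added example, not code from the article or from Check Point Research. The record layout, thresholds, accounts and IP addresses are constructed assumptions, and matching source IPs against a Tor exit list is left out.

```python
from collections import defaultdict
from datetime import datetime, timedelta

IE10 = "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)"
EDGE = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/122.0"
# Constructed events: (time, user, source IP, user agent, result); documentation IP ranges.
SAMPLE = [
    ("2001-01-01T07:00:00", "dana@example.org", "192.0.2.10", EDGE, "success"),
    ("2001-01-01T08:00:00", "alice@example.org", "203.0.113.7", IE10, "failure"),
    ("2001-01-01T08:00:20", "bob@example.org", "203.0.113.7", IE10, "failure"),
    ("2001-01-01T08:00:40", "carol@example.org", "203.0.113.7", IE10, "failure"),
    ("2001-01-01T08:01:00", "dana@example.org", "203.0.113.7", IE10, "failure"),
    ("2001-01-01T08:30:00", "carol@example.org", "198.51.100.23", EDGE, "success"),
    ("2001-01-01T09:00:00", "dana@example.org", "192.0.2.10", EDGE, "success"),
    ("2001-01-01T09:05:00", "erin@example.org", "192.0.2.44", EDGE, "failure"),
]

def load(rows):
    keys = ("time", "user", "ip", "ua", "result")
    return sorted((dict(zip(keys, r), time=datetime.fromisoformat(r[0])) for r in rows),
                  key=lambda e: e["time"])

def spray_sources(events, min_users=3, window=timedelta(minutes=30)):
    """IPs whose failed sign-ins hit >= min_users distinct accounts inside one window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            by_ip[e["ip"]].append(e)
    found = {}
    for ip, fails in by_ip.items():
        for first in fails:
            burst = [e for e in fails if timedelta(0) <= e["time"] - first["time"] <= window]
            users = {e["user"] for e in burst}
            if len(users) >= min_users:
                found[ip] = {"users": users, "start": first["time"],
                             "ie10": all("MSIE 10.0" in e["ua"] for e in burst)}
                break
    return found

def followup_logins(events, sources, within=timedelta(hours=24)):
    """Successes for sprayed accounts, after the spray began, from an IP new to the account."""
    known, leads = defaultdict(set), []  # known: user -> IPs with an earlier success
    for e in (x for x in events if x["result"] == "success"):
        for ip, s in sources.items():
            if (e["user"] in s["users"] and e["ip"] not in known[e["user"]]
                    and timedelta(0) <= e["time"] - s["start"] <= within):
                leads.append((e["user"], e["ip"], ip))
        known[e["user"]].add(e["ip"])
    return leads
```

Each tuple from `followup_logins` is a triage lead (account, new sign-in IP, spray source), not a confirmed compromise; a sprayed user signing in from an IP they already used, like `dana` in the sample, is not reported.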