Iranian state-backed hackers have targeted satellite, defense and pharmaceutical firms in the US and around the world to gather intelligence and to possibly build out domestic production in those industries amid heavy US sanctions, Microsoft analysts said Thursday.
The hackers have since February successfully broken into a few dozen of the thousands of organizations they have targeted with a blunt hacking technique that underscores the determination of Tehran’s hacking teams to access valuable intelligence targets, according to Microsoft.
A heavy regime of US sanctions has sought to cut off Iranian access to military hardware and has, according to a United Nations panel, in some cases deterred Western companies from sending medical supplies to Iran.
Though it’s difficult to know exactly why the hackers went after the satellite, defense and pharma firms, the sanctions have increased the incentive for Iran to hunt for trade secrets held by foreign companies, according to Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy.
“Those are sectors where they might have had issues generating the things that they need in-house,” DeGrippo told CNN.
The cyber-espionage campaign has carried on through the summer amid key moments in US-Iranian relations, including when US officials accused Iran of helping Russia produce drones for the Ukraine war.
The hackers have been breaking into email accounts by guessing common passwords en masse until one of them works, according to Microsoft. In some cases, the intruders stole data from the victim network; in others they apparently sat quietly and monitored the email accounts for intelligence with the victim none the wiser, according to Microsoft.
The hacking method is about “compromising an identity,” DeGrippo said. “I don’t know why they would choose another method if this one’s working great for them.”
The Iranian government typically denies allegations of hacking. CNN has requested comment from Iran’s Permanent Mission to the United Nations.
It’s unclear which companies in the US were breached; Microsoft declined to identify them. The US National Security Agency, which helps defense contractors defend themselves from hacks, did not respond to a request for comment.
US officials often list China and Russia as the top-tier state hacking threats to American interests, but Iran is never far behind. And hackers based in Iran have gained a reputation for being unpredictable and disruptive.
The FBI blamed Iranian hackers for an attempted hack of Boston Children’s Hospital in 2021, an allegation that Tehran denied.