India’s latest cyber security threat is no longer just coming from the US, or for that matter, China. Microsoft has warned that Iranian hackers are targeting Indian IT service firms and the frequency of attacks has escalated over the past few months. Previously, Microsoft had warned about Chinese hackers targeting the country.
Microsoft mentioned in a blog that there was “relatively little” history of Iranian hackers targeting India before July 2021; however, these attacks have been on the rise since. “As India and other nations rise as major IT services hubs, more nation-state actors follow the supply chain to target these providers’ public and private sector customers around the world matching nation-state interests,” Microsoft said.
“Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organisations by taking advantage of trust and access in a supply chain,” the company explained, adding that these attacks aim to steal sign-in credentials belonging to downstream customer networks to “enable further attacks”.
According to Microsoft, it has issued over 1,600 notifications to over 40 IT firms globally in response to Iranian attacks this year, compared with the 48 notifications issued in 2020. As per reports, Iranian threat actors started attacking India-based companies in mid-August, and Microsoft issued 1,788 nation-state notifications (NSNs) for these hackers to its enterprise customers. Of these enterprise customers, about 80 per cent were IT companies. Microsoft noted that only about 10 notifications regarding Iranian threat actors had been issued in India in the last three years.
While most of these attacks are aimed at IT service companies based in India, Iranian hackers have also targeted companies based in Israel and the United Arab Emirates (UAE).
“The Microsoft Threat Intelligence Center (MSTIC) and Digital Security Unit (DSU) assess this is part of a broader espionage objective to compromise organisations of interest to the Iranian regime,” the company said.
Since Indian IT firms often handle the backend infrastructure for some of the top global companies, Microsoft thinks these firms have become sudden targets as hackers are trying to gain “indirect access to subsidiaries and clients outside India”.