
Microsoft Confirms Office 365 Password-Spraying Attacks

Over 250 customers of Microsoft Office 365 were targeted with password spraying attacks by a threat group from Iran.


Microsoft customers in the Israeli and US defense sectors have been targeted by “password-spraying” attacks. Microsoft has confirmed the attacks, which targeted 250 customers using the Office 365 suite.

So-called password spraying involves the threat actor/s attempting to access many accounts at once while using a barrage of common passwords. It is essentially a gamble that someone will have used a password with a common variation.

Microsoft says critical infrastructure companies with operations in the Persian Gulf were the targets of the attack. The company lays the blame on a group known as DEV-0343, which Microsoft has been tracking and believes works from Iran.


Importantly, the group is not thought to be state sponsored (hence the DEV tag), but that may eventually change. Either way, Microsoft Threat Intelligence Center (MSTIC) says the group has been:

“conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.”


Of the 250 customers hit, “less than 20” were victims of a successful attack. Microsoft reiterates that the companies that stand the best chance of preventing such attacks are those that use multi-factor authentication.

“DEV-0343 conducts extensive password sprays emulating a Firefox browser and using IPs hosted on a Tor proxy network. They are most active between Sunday and Thursday between 7:30 AM and 8:30 PM Iran Time (04:00:00 and 17:00:00 UTC) with significant drop-offs in activity before 7:30 AM and after 8:30 PM Iran Time. They typically target dozens to hundreds of accounts within an organization, depending on the size, and enumerate each account from dozens to thousands of times. On average, between 150 and 1,000+ unique Tor proxy IP addresses are used in attacks against each organization,” Microsoft says in a security post.
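The pattern Microsoft describes (one browser fingerprint, hundreds of rotating source IPs, many accounts) gives per-IP failure counters little to count, so a defender has to group failed sign-ins differently. The following is an added example, not code from Microsoft or from this article: it clusters sign-in records by user agent and time window and flags clusters whose failures span many accounts and many IPs. The record layout, thresholds, account names, and addresses are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sign-in records: (UTC time, account, source IP, user agent, success).
# IPs come from documentation ranges; accounts and agent strings are made up.
FIREFOX = "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
EDGE = "Mozilla/5.0 (Windows NT 10.0) Chrome/94.0 Safari/537.36 Edg/94.0"

def build_sample():
    t0 = datetime(2021, 10, 11, 6, 0, tzinfo=timezone.utc)
    events = []
    for i in range(12):  # 12 accounts, each failure arriving from a different IP
        events.append((t0 + timedelta(minutes=i), f"user{i}@example.com",
                       f"198.51.100.{i + 1}", FIREFOX, False))
    events.append((t0 + timedelta(minutes=20), "user3@example.com",
                   "198.51.100.77", FIREFOX, True))
    # An ordinary user who mistypes once and then signs in from the same IP.
    events.append((t0 + timedelta(minutes=5), "alice@example.com", "203.0.113.9", EDGE, False))
    events.append((t0 + timedelta(minutes=6), "alice@example.com", "203.0.113.9", EDGE, True))
    return events

def detect_spray(events, window=timedelta(hours=1), min_accounts=10, min_ips=5):
    """Flag (user agent, window) clusters whose failures span many accounts AND many IPs."""
    buckets = defaultdict(lambda: {"failed": set(), "ips": set(), "ok": set()})
    secs = int(window.total_seconds())
    for ts, account, ip, agent, success in events:
        slot = int(ts.timestamp()) // secs
        b = buckets[(agent, slot)]
        if success:
            b["ok"].add(account)
        else:
            b["failed"].add(account)
            b["ips"].add(ip)
    findings = []
    for (agent, slot), b in sorted(buckets.items()):
        if len(b["failed"]) >= min_accounts and len(b["ips"]) >= min_ips:
            findings.append({
                "user_agent": agent,
                "window_start": datetime.fromtimestamp(slot * secs, tz=timezone.utc),
                "accounts_targeted": len(b["failed"]),
                "source_ips": len(b["ips"]),
                # Accounts that failed and then succeeded inside the cluster need review.
                "review": sorted(b["ok"] & b["failed"]),
            })
    return findings
```

On the constructed sample, the Firefox cluster is flagged with `user3@example.com` listed for review, while the single mistyped password from one IP is not.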

It is worth noting Microsoft has been making strides towards a passwordless future.

Microsoft closed 2020 with a promise that 2021 would be the year it moves to a passwordless future. Microsoft stuck to its promise by adding a passwordless option to Outlook and OneDrive.

The password-less decisions the company has made in recent years include password-free login for Azure AD through Microsoft Authenticator. Elsewhere, customers also get password-free Microsoft Account login with FIDO2 compatibility. Then there's Windows Hello, which uses biometric tools to remove the need for a password.

Last month Microsoft confirmed Basic Authentication for Microsoft Exchange will end in 2022.


Last Updated on February 14, 2022 8:19 pm CET

Luke Jones