Hackers from Iran target global giants via Indian IT firms

The US technology company said it had observed “relatively little history” of Iranian hackers attacking Indian targets before July 2021, but it has grown since. “As India and other nations rise as major IT services hubs, more nation state actors follow the supply chain to target these providers’ public and private sector customers around the world matching nation-state interests,” Microsoft said in a blog post.

Microsoft said it has sent more than 1,600 notifications to more than 40 IT companies globally in response to the actions by Iranian hackers this year. This is a sharp increase from the 48 notifications the company issued in 2020. “The focus of several Iranian threat groups on the IT sector particularly spiked in the last six months—roughly 10-13% of our notifications were related to Iranian threat activity in the last six months, compared with 2.5% in the six months prior,” Microsoft said.

While the Iranian hackers are also companies based in Israel and United Arab Emirates (UAE), Microsoft noted that “most of the targeting” is focused on software services companies based in India.

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) pointed out that Iranian threat actors started compromising companies based in India in mid-August. The Windows-maker issued 1,788 nation state notifications (NSNs) across Iranian actors to its enterprise customers in India, “roughly 80%” of whom are IT companies. It had issued only 10 such notifications in the last three years.

Microsoft surmised that this sudden targeting of Indian IT firms was being done to gain indirect access to subsidiaries and clients they have outside the country. “Such attacks are particularly lucrative and valuable to attackers because they give access to a large number of potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022,” security company Kaspersky said in a report earlier this week.