Summary

An Iran-linked threat actor is suspected of conducting a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing Middle East conflicts. The campaign, which is still active, involved three attack waves in March 2026.

Key Points

• The campaign targeted over 300 Microsoft 365 organizations in Israel and the U.A.E.
• The attacks occurred in three waves on March 3, March 13, and March 23, 2026.
• Check Point identified and reported the ongoing nature of this cyber threat.
• The campaign is linked to geopolitical tensions in the Middle East.

Analysis

This campaign highlights the persistent threat of state-sponsored cyber attacks, particularly in geopolitically sensitive regions. The use of password-spraying techniques underscores the need for robust password policies and multi-factor authentication to mitigate such threats. The ongoing nature of the attacks suggests a sustained effort to compromise sensitive information and disrupt operations.

Conclusion

IT professionals should prioritize strengthening their organization's password policies and implement multi-factor authentication to protect against password-spraying attacks. Continuous monitoring and threat intelligence updates are crucial to staying ahead of such state-sponsored cyber threats.