Iran Among Top Hackers in 300 Million Daily Cyberattacks on Microsoft Users
Microsoft President Brad Smith revealed on Thursday that the company detects around 300 million cyberattacks targeting its customers daily, with a majority originating from China, Iran, North Korea and Russia.
Smith spent over three hours addressing inquiries from the House Committee on Homeland Security in Washington, emphasizing the integration of cybersecurity into Microsoft's core values.
During the session, members of the US Congress pressed Microsoft to account for lapses that allowed a Chinese hacking group to breach the emails of senior US officials.
Smith emphasized that simply improving Microsoft's defenses won't be enough, citing the growing expertise and aggressiveness of adversaries from North Korea, Russia, China, and Iran.
“Improving Microsoft alone will not suffice. We are facing formidable adversaries in North Korea, Russia, China, and Iran, who are becoming more skilled and aggressive,” Smith told the committee.
“We should anticipate their collaboration. Their attacks are increasing at an extraordinary rate,” he added.
According to the US Cybersecurity and Infrastructure Security Agency (CISA) 2023 Annual Threat Assessment, Iran poses a significant cyber threat. The report cited Iran's growing cyber capabilities and its penchant for aggressive cyber operations targeting US and allied networks and data.
Over the past several years, Iranian cyber attacks, mainly from Revolutionary Guard-affiliated individuals or entities, have targeted critical infrastructure, financial institutions, election websites, and water plants in the US.
Following the Israel-Hamas conflict, Iran-backed hackers have intensified their activities. According to CrowdStrike, an American cybersecurity company, during the latter half of 2023, there was a noticeable increase in cyber operations by Iran-related groups and Middle East hacktivists, aligning with the events of the conflict.
In April 2023, the US pressed charges and imposed sanctions on Iranians associated with the Revolutionary Guard cyber command for a multi-year cyber campaign aimed at American companies.
In December, the US announced that the Islamic Revolutionary Guard Corps (IRGC) conducted cyber-attacks on American water plants. Subsequently, individuals involved were sanctioned. "The deliberate targeting of critical infrastructure by Iranian cyber actors is an unconscionable and dangerous act," stated Brian Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, announcing the sanctions.
Additionally, Microsoft's Threat Analysis Center (MTAC) observed in November that Iran, Russia, and China are likely to attempt to influence elections in the US and other nations in 2024.