What is a password-spraying attack?

It's trying one weak password across many accounts. Avoids lockouts. Perfect for scale.

How to stop Iranian hackers targeting Microsoft 365?

Enforce MFA, geo-restrict logins, monitor logs religiously. No exceptions.

Is Pay2Key ransomware linked to Iran government?

Yes, ties to state-backed groups like Fox Kitten. Now RaaS with geopolitical targeting.

Iran's Hackers Spray Passwords at 300+ Israeli Microsoft 365 Targets—And It's Just Getting Started

Over 300 Israeli organizations got hit by an Iran-backed password-spraying campaign on Microsoft 365. It's sloppy, it's persistent, and it's a reminder that state hackers don't play fair.

Threat Digest Apr 07, 2026 3 min read

Cyber attack map highlighting Iran-linked password spraying on Israeli and UAE Microsoft 365 targets

⚡ Key Takeaways

Iran-linked actors password-sprayed 300+ Israeli Microsoft 365 orgs in three 2026 waves. 𝕏
Tactics include Tor, VPNs, and mailbox exfil; defenses stress MFA and log monitoring. 𝕏
Pay2Key ransomware revives with upgrades, blending crime and state-sponsored hits on enemies. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#Gray Sandstorm #Iran cyber attacks #Iran cyber threats #Iran hackers #Iranian hackers #Microsoft 365 attacks #Microsoft 365 breach #Pay2Key ransomware #password spraying

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Iran's Hackers Already Sabotaging US Power and Water Grids

Iranian Hackers Are Back, Prodding U.S. PLCs in Water Plants and Power Grids

Iranian Hackers Erase Stryker's Digital Lifeline: Medtech's Nightmare Begins

Wiper Attacks from Iran: The Digital Eradication Wave Hitting Now

Stay in the loop