Iranian hackers targeting Indian IT services firms to penetrate global giants

19 Nov, 2021

After Chinese threat actors, Microsoft has now warned that Iranian hackers are targeting IT services firms in India. The company said that it had observed “relatively little history” of Iranian hackers attacking Indian targets before July 2021, but that such targeting has grown since. “As India and other nations rise as major IT services hubs, more nation state actors follow the supply chain to target these providers’ public and private sector customers around the world matching nation state interests,” the company said in a blog post.

Further, Microsoft said that the company has issued over 1600 notifications to more than 40 IT companies globally in response to Iranian targeting in 2021. This is a significant increase from the 48 notifications the company issued in 2020. “The focus of several Iranian threat groups on the IT sector particularly spiked in the last six months – roughly 10-13% of our notifications were related to Iranian threat activity in the last six months, compared to two and a half percent in the six months prior,” the company said.

While these hackers are also targeting companies based in Israel and the United Arab Emirates (UAE), the technology giant noted that “most of the targeting” is focused on IT services companies based in India.

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) pointed out that Iranian threat actors started compromising companies based in India in mid-August. The Windows-maker issued 1788 nation state notifications (NSNs) across Iranian actors to its enterprise customers in India, “roughly 80%” of whom are IT companies. It had issued only 10 such notifications in the last three years.

The company surmised that this sudden targeting of Indian IT firms was being done to gain indirect access to subsidiaries and clients they have outside the country. Indian IT firms handle the backend infrastructure for some of the largest companies in the world. “Such attacks are particularly lucrative and valuable to attackers because they give access to a large number of potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022,” security company Kaspersky said in a report earlier this week.

“In 2021, cybercriminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organizations’ supply chains and networks to achieve maximum disruption. The sophistication and scale of cyber-attacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks,” said Maya Horowitz, vice president of Research at security firm Check Point Research, last month.