Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

By Ravie Lakshmanan | April 06, 2026

A sophisticated cybersecurity campaign linked to Iran has been discovered targeting over 300 Israeli Microsoft 365 organizations through password-spraying attacks, highlighting ongoing geopolitical cyber tensions in the region.

The campaign represents a significant escalation in state-sponsored cyber activities targeting Israeli infrastructure and organizations. Password-spraying attacks involve attempting to access accounts by trying commonly used passwords against multiple usernames, making them difficult to detect through traditional security measures.

The targeting of Microsoft 365 organizations is particularly concerning given the platform's widespread adoption across government agencies, businesses, and critical infrastructure providers. These attacks could potentially provide attackers with access to sensitive communications, documents, and operational systems.

Security researchers are continuing to investigate the scope and impact of these attacks while organizations are advised to implement additional security measures including multi-factor authentication and enhanced monitoring for suspicious login attempts.