Iran-Linked Password-Spraying Campaign Targets Microsoft 365 Organizations

An Iran-linked threat actor is suspected of conducting a password-spraying campaign targeting over 300 Microsoft 365 organizations in Israel and the United Arab Emirates. The campaign occurred in three distinct waves on March 3, March 13, and March 23, 2026, as identified by Check Point. The attacks focused on compromising Microsoft 365 environments amid ongoing Middle East conflict. No specific malware, CVE IDs, or technical attack vectors beyond password-spraying were disclosed. The activity remains ongoing, with no further details on successful breaches or data exfiltration provided.