# password-spraying campaign targeted Microsoft 365 environments in Israel and the U.A.E.

*business · news · 2026-04-06 · The Hacker News*

## Key points

- An Iran-linked actor conducted three password-spraying attack waves on Microsoft 365 in March 2026.
- Over 300 Israeli and 25 U.A.E. organizations were targeted, with some attacks extending to Europe and the U.S.
- Attackers used Tor exit nodes and commercial VPNs from AS35758, aligning with known Iranian tactics.
- Pay2Key ransomware resurfaced with upgraded evasion and anti-forensics, offering affiliates an 80% ransom share.
- A Linux variant of Pay2Key disables SELinux and AppArmor, enabling faster and more persistent encryption.

**Companies:** Microsoft, Check Point
**Countries:** Israel, United Arab Emirates, United States, United Kingdom, Saudi Arabia, Iran

[Read the full story on The Hacker News](https://thehackernews.com/2026/04/iran-linked-password-spraying-campaign.html)

---

Canonical: https://newsio.io/n/b311ab0f-9d3a-460a-83ee-52df9a914f9c/password-spraying-campaign-targeted-microsoft-365-environments-in-israel-and-the
Summarized by Newsio from The Hacker News. https://newsio.io/how-it-works