+44 (0) 121 582 0192 [email protected]


In the world of cybersecurity, the threats facing organisations are constantly evolving. Password spray attacks have emerged as a particularly insidious method among the latest tactics employed by cyber adversaries. Recent reports indicate that Iranian hackers have been actively using password spray attacks to compromise defence organisations and pharmaceutical firms. This article delves into the details of this threat, highlighting the implications and the need for enhanced security measures.


The Anatomy of a Password Spray Attack


Before delving into the Iranian hackers’ actions, it’s essential to understand what a password spray attack entails. Unlike traditional brute-force attacks that target a specific account with numerous password attempts, password spray attacks involve attempting a few common passwords across a large number of accounts. This method makes it less likely to trigger account lockouts or alarms, making it an attractive choice for cybercriminals.


Iranian Hackers and Their Targets


Recent cybersecurity reports have identified Iranian hacker groups such as APT34 (OilRig) and Charming Kitten (Phosphorus) as the perpetrators of these password spray attacks. These groups have a history of cyber-espionage activities and have now focused on defence organisations and pharmaceutical firms.

Defence Organizations: The security of defence organisations is paramount, as they deal with sensitive military and national security information. Iranian hackers using password spray attacks can gain unauthorised access to confidential data, jeopardising national security.

Pharmaceutical Firms: The pharmaceutical industry is a prime target due to its research on vaccines, treatments, and medical advancements. Compromising the security of pharmaceutical companies can lead to the theft of valuable intellectual property, potentially delaying the development of crucial medicines.


Implications of Password Spray Attacks


  1. Data Theft: Password spray attacks can lead to unauthorised Defence access to sensitive information. Defence organisations could lose critical military secrets, while pharmaceutical firms may suffer intellectual property theft, affecting research and development efforts.
  2. National Security Threat: When defence organisations are compromised, the nation’s security is at risk. Stolen classified information could be used against a country’s interests or sold to a rival government.
  3. Economic Consequences: Pharmaceutical companies invest heavily in research and development. Intellectual property theft can result in financial losses and delays in bringing life-saving drugs to market.
  4. Reputational Damage: Security breaches can tarnish the reputation of defence organisations and pharmaceutical firms. Trust in these entities can erode, affecting relationships with partners, stakeholders, and the public.


Mitigating the Threat


To counter the threat of password spray attacks by Iranian hackers and other cyber adversaries, organisations must take proactive steps:

  1. Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security. Even if passwords are compromised, MFA can prevent unauthorised access.
  2. Regular Password Updates: Encourage employees to update their passwords regularly and avoid using easily guessable phrasesunauthorised.
  3. Employee Training: Provide cybersecurity training to employees to make them aware of the dangers of password spray attacks and phishing attempts.
  4. Continuous Monitoring: Employ advanced threat detection systems to identify unusual login patterns and unauthorized access attempts.
  5. Patch Management: Keep software and systems up-to-date to minimise vulnerabilities that hackers can exploit.




Using password spray attacks by Iranian hackers targeting defence organisations and pharmaceutical firms underscores cyber threats’ evolving and persistent nature. Organisations must remain vigilant, employ robust security measures, and invest in cybersecurity to protect their critical data and maintain the trust of their stakeholders. By doing so, they can stay one step ahead of cyber adversaries and mitigate the risks associated with these attacks.