The suspected Iranian hackers successfully breached fewer than 20 of more than 250 organisations subject to the attack on Microsoft Office 365 users.
Microsoft concluded Iran was behind the attack because the activity “supports the national interests” of Iran and aligns with the techniques and targets of other hacks originating in the country.
The software firm said it first became aware of the hack in late July.
The hack “supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans,” it said.
“Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite programme.”
The hack was not said to have been sophisticated. Attackers used a technique known as “password spraying” in which they repeatedly try to compromise accounts by using a series of common and frequently used passwords.
The targets were defence companies that work with the US, EU and the Israeli government to supply military-grade radars, drone technology, satellite systems and emergency response communication systems. All of the maritime and cargo transportation firms that were targeted maintain a business presence in the Middle East.
A trove of data
Organisations operating at regional ports of entry to the Arabian Gulf were attacked. Other targets included Microsoft customers working in geographic information systems (GIS) and spatial analytics.
A successful hack it would have elicited a trove of valuable data.
In recent months, tensions in the region have simmered as tanker attacks and maritime incidents in the Arabian Gulf have increased.
In August, two crew members were killed after an attack on an Israeli-managed tanker off Oman. The US, Israel and Britain all blamed Iran for the attack. One week later, maritime security experts blamed Iranian-backed forces for the seizure of an oil tanker off the coast of the UAE. Iran has denied responsibility for both attacks.