Microsoft Corp. (MSFT) has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks. The Microsoft Threat Intelligence Center (MSTIC) and Digital Security Unit (DSU) assess this as part of a broader spying objective to compromise organizations of interest to the Iranian regime. As India and other nations rise as major IT services hubs, more nation-state actors follow the supply chain to target these providers’ public and private sector customers worldwide, matching nation-state interests. Microsoft has issued over 1,600 notifications to over 40 IT companies in response to Iranian targeting, compared to 48 in 2020. The focus of several Iranian threat groups on the IT sector notably spiked in the last six months. Most of the targeting focuses on IT services companies based in India and several companies based in Israel and the …