India, April 7 -- A new Iran-linked password-spraying campaign is a reminder of an uncomfortable truth in cybersecurity: attackers do not always need a flashy zero-day when weak passwords and basic access gaps still open doors.

Between March 3rd and March 23rd, 2022, estimated to affect 300+ Isreali targets and 25+ UAE targets, all three separate waves of attacks appear to have been directed towards non-gov't entities (as well as gov't entities). Researchers indicate that in addition to targeting those alluded to above, they also have identified targets such as municipalities, energy companies, technology companies, transportation companies, and various private companies. The overall mix of targets gives the impression that this was a co...