SEATTLE — A campaign believed to be tied to the Iranian government attempted to identify, attack and breach email addresses belonging to a U.S. presidential candidate, government officials and journalists, according to new data unveiled by Microsoft, highlighting the continued global security threats that loom over the fast-approaching 2020 election.
The campaign observed by Microsoft, which it dubbed Phosphorus, made more than 2,700 attempts to identify email addresses that belonged to the company’s customers over a 30-day period between August and September, 241 of which were then attacked. Four were compromised, but they do not belong to presidential campaigns or government officials, according to the tech giant.
Microsoft said it notified the customers attacked and has worked with those whose accounts were compromised to secure them. It declined to disclose the names of the account holders. The company declined to comment beyond a blog post disclosing the news Friday.
According to Microsoft, Phosphorus hackers tried to figure out how to reset passwords or otherwise trigger account recovery features to take over accounts. In some instances, Microsoft found that the group gathered phone numbers belonging to its targets to try to authenticate password resets.
The attacks were not “technically sophisticated,” Microsoft vice president of customer security and trust Tom Burt wrote in the blog post. But he noted that they used significant amounts of personal information of the targets, suggesting that Phosphorus was willing to invest “significant time and resources engaging in research and other means of information gathering.”
For months, major tech companies have been warning about the rising Iranian threat, largely out of concern that malicious actors originating in the country were spreading disinformation online. In May, for example, Facebook and Twitter said they had removed a sprawling Iranian-based propaganda operation, including accounts that mimicked Republican congressional candidates and appeared to try to push pro-Iranian political messages on social media. Some of those accounts similarly took aim at U.S. policymakers and journalists, researchers said at the time.
This isn’t Microsoft’s first brush with Phosphorus. The company, which names hacking groups after elements on the periodic table, seized 99 websites in March it said were used by the group to launch cyberattacks against government agencies, businesses and users in Washington. Microsoft said it had been tracking the group for six years. Other researchers have tagged the group Ajax Security Team, APT 35 and Charming Kitten.
The Democratic National Committee warned campaigns about the Phosphorus attacks Tuesday, noting that the group has been targeting personal email accounts as well as work ones. The DNC recommended that members review logs for connection attempts in August and September.
“They create believable spear phishing emails and fake LinkedIn profiles as primary tactics,” according to the email from the DNC obtained by The Washington Post.
Spokespeople for the Trump campaign, as well as Democratic campaigns including former vice president Joe Biden, Sens. Elizabeth Warren, Kamala D. Harris and Cory Booker, did not immediately respond to requests for comment.
For years, Iranian hackers have targeted U.S. officials through “large-scale intrusion attempts,” said John Hultquist, the director of intelligence analysis at the cybersecurity firm FireEye. But the aggressiveness of the country’s digital efforts has escalated as Tehran’s political standing with Washington has worsened, particularly in recent months as President Trump has threatened sanctions over the country’s nuclear program.
“The Iranians are very aggressive and they could leverage whatever access they get for an upper hand in any kind of negotiations,” Hultquist said. “They could cause a lot of mayhem.”