A hacker group with ties to the Iranian government attacked 241 Microsoft email accounts “associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran,” the company said Friday in a blog post.
Phosphorus, Microsoft’s nickname for the hacker organization, attempted to identify more than 2,700 email accounts over a 30-day period in August and September to zero in on the 241 targeted addresses. Four accounts were compromised in the attack, but none of them were tied to the presidential candidate or U.S. government officials, Microsoft says.
Update: Though Microsoft did not disclose the name of the targeted candidate, Reuters reports Iran-backed hackers went after President Donald Trump’s re-election campaign. A representative of the campaign told Reuters and CNBC, “We have no indication that any of our campaign infrastructure was targeted.”
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” Microsoft VP of Security & Trust Tom Burt wrote in the blog post. “This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
Microsoft has been tracking Phosphorus — also known as APT 35, Charming Kitten, and Ajax Security Team — since 2013. The group uses a technique that involves notifying targets of a security breach and prompting them to enter their log-in information on a fake verification website that looks real, like outlook-verify.net. Microsoft has sued Phosphorus and other hacker groups to take control of those websites and redirect traffic into a kind of “sinkhole.”
In addition to publicizing incidents of nation-state hacking, Microsoft offers tools for government and election officials to protect their accounts. In 2018 the company launched AccountGuard, a service that notifies political organizations of threats. Earlier this year, Microsoft debuted ElectionGuard, a set of technology tools to secure election results and make systems more transparent for campaigns and voters.
Microsoft says it has alerted AccountGuard customers to more than 800 instances of attempted nation-state attacks to date.