Microsoft announced Friday that it had uncovered a hacking group associated with the Iranian government that had targeted journalists, current and former government officials, and at least one US presidential campaign.
The company released a statement saying that four consumer Microsoft email accounts had been compromised by a group it's calling “Phosphorous,” but that those accounts did not belong to anyone associated with a presidential campaign or the government. The attackers were first observed making more than 2,700 attempts to identify specific Microsoft accounts over a 30-day period beginning in August, Microsoft said, and then targeted 241 specific accounts with phishing emails, fake LinkedIn accounts, and password-reset requests.
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” wrote Tom Burt, a Microsoft vice president overseeing customer security. “This effort suggests Phosphorous is highly motivated and willing to invest significant time and resources.”
The Democratic National Committee also issued a warning to campaigns on Friday revealing that the committee had been contacted by Microsoft, suggesting they check system logs for a related IP address, and offering advice as to how to defend against such attacks.
The announcement comes amidst President Donald Trump’s urging the governments of Ukraine and China to get involved in the 2020 election by investigating former Vice President Joe Biden, one of his chief political rivals and among the most prominent Democratic candidates to replace him.