Iranians tried to hack U.S. presidential campaign in effort that targeted hundreds, Microsoft says

By Jay Greene and Tony Romm
Washington Post Updated – October 04, 2019

SEATTLE — A campaign believed to be tied to the Iranian government attempted to identify, attack and breach email addresses belonging to a U.S. presidential campaign, government officials and journalists, according to new data unveiled by Microsoft, highlighting the continued global security threats that loom over the fast-approaching 2020 election.

The intrusion observed by Microsoft, spearheaded by an outfit it calls Phosphorus, made more than 2,700 attempts to identify email addresses that belonged to the company’s customers over a 30-day period between August and September, 241 of which were then attacked. Four were compromised, but they do not belong to the presidential campaign or government officials, according to the tech giant.

Microsoft said it notified the customers attacked and has worked with those whose accounts were compromised to secure them. It declined to disclose the names of the account holders. The company declined to comment beyond a blog post disclosing the news Friday.

[It’s not just the Russians anymore as Iranians and others turn up disinformation efforts ahead of 2020 vote]

According to Microsoft, Phosphorus hackers tried to figure out how to reset passwords or otherwise trigger account recovery features to take over accounts. In some instances, Microsoft found that the group gathered phone numbers belonging to its targets to try to authenticate password resets.

The attacks were not “technically sophisticated,” Microsoft’s vice president of customer security and trust, Tom Burt, wrote in the blog post. But he noted that they used significant amounts of the targets’ personal information, suggesting that Phosphorus was willing to invest “significant time and resources engaging in research and other means of information gathering.”

For years, Iranian hackers have targeted U.S. officials through “large-scale intrusion attempts,” said John Hultquist, the director of intelligence analysis at the cybersecurity firm FireEye. But the aggressiveness of the country’s digital efforts has escalated as Tehran’s political standing with Washington has worsened, particularly in recent months as President Trump has threatened sanctions over the country’s nuclear program.

“The Iranians are very aggressive, and they could leverage whatever access they get for an upper hand in any kind of negotiations,” Hultquist said. “They could cause a lot of mayhem.”

Major tech companies also have been warning about the rising Iranian threat, largely out of concern that malicious actors originating in the country were spreading disinformation online. In May, for example, Facebook and Twitter said they had removed a sprawling Iranian-based propaganda operation, including accounts that mimicked Republican congressional candidates and appeared to try to push pro-Iranian political messages on social media. Some of those accounts similarly took aim at U.S. policymakers and journalists, researchers said at the time.

[Microsoft says it has found another Russian operation targeting prominent think tanks]

This isn’t Microsoft’s first brush with Phosphorus. The company, which names hacking groups after elements on the periodic table, seized 99 websites in March it said were used by the group to launch cyberattacks against government agencies, businesses and users in Washington. Microsoft said it had been tracking the group for six years. Other researchers have tagged the group Ajax Security Team, APT 35 and Charming Kitten.

At the time, Microsoft said Phosphorus had targeted activists and journalists, “especially those involved in advocacy and reporting on issues related to the Middle East.”

[Microsoft says it has found Iranian hackers targeting U.S. agencies, companies and Middle East advocates]

The Democratic National Committee warned campaigns about the Phosphorus attacks Tuesday, noting that the group has been targeting personal email accounts as well as work ones. The DNC recommended that members review logs for connection attempts in August and September.

“They create believable spear phishing emails and fake LinkedIn profiles as primary tactics,” according to the email from the DNC obtained by The Washington Post.

Spokespeople for the Trump campaign, as well as Democratic campaigns including those of Sens. Elizabeth Warren (D-Mass.), Kamala D. Harris (D-Calif.) and Cory Booker (D-N.J.), did not immediately respond to requests for comment. Spokespeople for former vice president Joe Biden and Sen. Bernie Sanders (I-Vt.) declined to comment.

11 thoughts on “Iranians tried to hack U.S. presidential campaign in effort that targeted hundreds, Microsoft says

  • June 23, 2020 at 4:01 am

    Amazing blog! Do you have any suggestions for aspiring writers?
    I’m planning to start my own website soon but I’m a little
    lost on everything. Would you recommend starting
    with a free platform like WordPress or go for a paid option? There are so many options out there that I’m completely overwhelmed ..
    Any suggestions? Thanks!

  • June 24, 2020 at 9:27 pm

    Good post. I learn something new and challenging on blogs I stumbleupon everyday.

    It’s always helpful to read through content from other writers and use a little something from other web sites.

  • June 26, 2020 at 10:50 am

    I love your blog.. very nice colors & theme. Did you create
    this website yourself or did you hire someone to do
    it for you? Plz reply as I’m looking to design my own blog and would like
    to know where u got this from. thanks

  • June 26, 2020 at 5:06 pm

    Thank you for the good writeup. It in reality was once a entertainment account it.
    Look complex to more added agreeable from you! However, how can we communicate?

  • June 28, 2020 at 2:52 am

    you’re really a excellent webmaster. The website loading speed is incredible.
    It seems that you’re doing any distinctive trick.
    Also, The contents are masterpiece. you have done a excellent process on this matter!

  • July 18, 2020 at 1:33 am

    Oh my goodness! Incredible article dude! Many thanks, However
    I am experiencing difficulties with your RSS. I don’t
    understand the reason why I can’t join it. Is there anyone else getting identical RSS problems?
    Anybody who knows the answer can you kindly respond? Thanx!!

  • July 26, 2020 at 2:34 am

    Hey! This is my first visit to your blog! We are a collection of volunteers and starting a new initiative in a community in the same niche.
    Your blog provided us beneficial information to work on. You have done a
    marvellous job!

  • July 27, 2020 at 4:53 pm

    Good day! I just wish to give you a huge thumbs up for your great information you’ve got right here on this
    post. I’ll be returning to your blog for more soon.

  • July 31, 2020 at 7:36 am

    I visited several web sites however the audio quality for audio songs existing at this site is
    genuinely superb.

  • August 5, 2020 at 8:29 pm

    Fine way of explaining, and good article to take data concerning my presentation topic, which
    i am going to convey in university.

  • August 11, 2020 at 5:05 am

    Thanks for the marvelous posting! I quite enjoyed reading it,
    you’re a great author. I will ensure that I bookmark your blog and may come
    back very soon. I want to encourage you to ultimately continue your great
    job, have a nice evening!


Leave a Reply

Your email address will not be published. Required fields are marked *