Iranian hacking operation targeted 2020 campaign, government accounts

An Iranian-linked threat group attempted to identify and attack various email accounts belonging to Microsoft customers over a 30-day period, including those linked to an unnamed U.S. presidential campaign as well as current and former U.S. officials, the company announced Friday.

In a blog post, Microsoft detailed how a group known as “Phosphorus,” which the company believes may be linked to the Iranian government, made around 2,700 attempts to target customer email accounts, and then attacked 241 of these accounts between August and September of this year.

In addition to U.S. officials and the unnamed campaign, the threat group also targeted accounts belonging to journalists covering global politics and to Iranians living outside of Iran, according to the company.

Microsoft said that four of the attacks successfully compromised email accounts, though none of them were related to the U.S. presidential campaign or the government officials.

Microsoft has notified the customers whose accounts were compromised by the threat group.

“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” Tom Burt, corporate vice president of Customer Security and Trust at Microsoft, wrote in the blog post.

“This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”

In targeting the email accounts, Phosphorus used research gathered on the individuals to try to take over the accounts through “gaming” the password reset process, including by accessing the user’s secondary email account to obtain any verification emails sent from the Microsoft account.