Microsoft reveals Iranian hackers attacked US 2020 presidential campaign
Microsoft has revealed it has detected a significant number of attempts to compromise email addresses connected to US government officials and individuals associated with a US presidential campaign. The cyber attacks are suspected to have originated in Iran.
Tom Burt, Microsoft’s vice president of customer security and trust, revealed the cyberattacks in a blog post on the 4th of October. Burt says the Microsoft Threat Intelligence Center (MSTIC) detected over 2700 attempts to identify specific email accounts over a 30 day period spanning August and September. Microsoft observed 241 subsequent individual accounts directly targeted, with those emails belonging to individuals involved in, “U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.”
Burt notes these attacks were not “technologically sophisticated” and came from a hacking group known as Phosphorus. Microsoft’s Digital Crimes Unit has reportedly been tracking Phosphorus since 2013, and the group is suspected to be associated with Iranian hacking operations. The latest hacking activity involved harvesting personal information to try to gain access to email accounts.
“Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts,” Burt explains in the blog post. “For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”
Microsoft has not revealed which specific presidential campaign was targeted by the hackers. However, several sources, including Reuters and CNBC, are reporting the target was Donald Trump’s 2020 presidential campaign. Tim Murtaugh, communications director for Trump’s 2020 campaign, has stated there is “no indication that any of our campaign infrastructure was targeted.”
Last year Facebook revealed it had identified a major “influence campaign” originating from Iran. The suspicious activity resulted in the removal of hundreds of pages, groups and accounts from the platform. At the time cybersecurity firm FireEye noted the Iranian misinformation included, “significant anti-Trump messaging and the alignment of social media personas with an American liberal identity.”
In this latest revelation of attempted election interference, Microsoft’s Tom Burt states the importance of being, “increasingly transparent about nation-state attacks and efforts to disrupt democratic processes.” If the Trump campaign is verified as the target, this case is a reminder that foreign interference in US elections can targeted at both sides of the political spectrum.