Microsoft says suspected Iranian hackers tried to breach a US presidential campaign
Microsoft cybersecurity officials reported Friday that Iranian hackers attempted to breach accounts belonging to at least one US presidential campaign, as well as to US government officials, journalists, and Iranians living abroad. The incidents took place between August and September of this year, according to a company blog post that described the attacks in detail.
According to a separate report obtained by The Wall Street Journal, the tech giant also sent an alert to the Democratic National Committee on Friday warning them to be vigilant about the attempts. According to Tom Burt, Microsoft’s vice president of security and trust, the Iranian hackers made “more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts.”
“Today we’re sharing that we’ve recently seen significant cyber activity by a threat group we call Phosphorus, which we believe originates from Iran and is linked to the Iranian government,…” Burt said.
Commenting on the attack, Burt said: “In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts. The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran. Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials. Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them.”
He continued: “Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts. For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”
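A defender's audit of the recovery chain Burt describes, as an added example that is not from Microsoft or the original article: it walks each account's recovery channels and reports secondary mailboxes that are weaker than the account they can reset, plus phone-based resets. The inventory format, the addresses and numbers, and the use of multi-factor authentication (MFA) as the weakness criterion are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample inventory (not real accounts): MFA status and recovery channels.
# A channel is "email:<address>" (a secondary mailbox) or "phone:<number>".
ACCOUNTS = {
    "staffer@campaign.example": {"mfa": True,
        "recovery": ["email:old@webmail.example", "phone:+1-555-0100"]},
    "old@webmail.example": {"mfa": False,
        "recovery": ["email:school@alumni.example"]},
    "school@alumni.example": {"mfa": False, "recovery": []},
    "press@news.example": {"mfa": True,
        "recovery": ["email:backup@news.example"]},
    "backup@news.example": {"mfa": True, "recovery": []},
}

def recovery_findings(accounts, target):
    """Walk the recovery chain from `target`; return a list of (path, reason)."""
    findings = []
    seen = {target}              # guards against recovery loops (A -> B -> A)
    queue = deque([(target,)])   # each queue entry is the path of mailboxes so far
    while queue:
        path = queue.popleft()
        for channel in accounts[path[-1]]["recovery"]:
            kind, _, value = channel.partition(":")
            hop = path + (value,)
            if kind == "phone":
                # Phone numbers can be gathered and used to help pass a reset.
                findings.append((hop, "phone-based reset"))
            elif value not in accounts:
                # Mailbox outside the inventory: its protection is unknown.
                findings.append((hop, "unmanaged mailbox"))
            else:
                if not accounts[value]["mfa"]:
                    findings.append((hop, "mailbox without MFA"))
                if value not in seen:
                    # Keep walking: the secondary mailbox has its own recovery chain.
                    seen.add(value)
                    queue.append(hop)
    return findings

if __name__ == "__main__":
    for account in ACCOUNTS:
        for path, reason in recovery_findings(ACCOUNTS, account):
            print(f"{account}: {reason}: {' -> '.join(path)}")
```

The MFA-protected `staffer@campaign.example` still gets three findings, because a reset can be routed through two older mailboxes without MFA and through a phone number.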
Microsoft recommended that users take the following precautions: “People can also periodically check their login history, and we recommend this for journalists, political campaigns staff, and others interested in assuring account security. These logs are made available through the Account Security Sign-In Activity tab. They are easy to read and look like this:”