Microsoft Security Alert: Iranian Hackers Targeted Presidential Candidate, Others

Microsoft reported Friday Iranian hackers have been targeting the email accounts of at least one presidential candidate as well as journalists and government officials, apparently with the backing of the Tehran government.

The hacking is being conducted by a group dubbed Phosphorus and was detected through Microsoft’s AccountGuard software, designed to protect customers from cybersecurity threats. Microsoft has been tracking Phosphorus since 2013.

“We’re sharing this for two reasons,” Tom Burt, corporate vice president for customer security and trust, said in a blog post. “First, it is important that we all – governments and private sector – are increasingly transparent about nation-state attacks and efforts to disrupt democratic processes.

“Second, while we have processes to notify customers about nation state activity and have AccountGuard to monitor accounts of campaigns and other associated organizations related to election processes in democracies around the world, publishing this information should help others be more vigilant and take steps to protect themselves.”

Microsoft said during a 30-day period in August and September, more than 2,700 attempts were made to identify consumer email accounts and attacks were made on 241 of them.

“The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran,” Microsoft said.

Four accounts were compromised, and the customers have been notified, Microsoft said. None belonged to candidates or government officials.

The hackers tried to take over the accounts by triggering account recovery features to reset passwords. The group also tried to obtain phone numbers to authenticate the password resets. Burt said the attacks were not technically sophisticated but resulted in a significant amount of information.

Burt told a July security conference the company had evidence Russian, Iranian and North Korean hackers were involved in cyberattacks against nongovernment organizations and think tanks working closely with political campaigns.

Microsoft said in May it had seized control of 99 websites Phosphorus used as platforms from which to conduct hacking operations.

U.S. intelligence agencies determined Russian hackers compromised Democratic emails during the 2016 presidential election campaign, stealing emails from both the Democratic National Committee and John Podesta, who chaired Hillary Clinton’s presidential campaign.

The Iranian hack comes as tensions have been growing between Washington and Tehran. The administration has been ramping up economic sanctions since pulling out of the nuclear agreement worked out with Iran and European allies. President Trump has been pushing for a stricter deal.

Twitter shut down more than 7,000 phony accounts set up by Iran in March aimed at influencing U.S. political discourse, taking a page from Russia’s 2016 success.