Iran Caught Targeting US Presidential Campaign Accounts
Microsoft detected the so-called Phosphorus nation-state gang attacking 241 user accounts associated with a US presidential campaign, current and former US government officials, journalists, others.
A well-known Iranian nation-state hacking team has targeted 241 user accounts connected to a US presidential campaign, as well as existing and former government officials, journalists, and Iranian nationals residing outside that nation, according to Microsoft, which discovered the attacks.
Between August and September, Microsoft's Threat Intelligence Center spotted the so-called Phosphorus hacking group — aka APT 25, Charming Kitten, and Ajax Security Team — going after specific Microsoft customers. The group made more than 2,700 attempts to get those accounts, ultimately targeting 241 of them. They ultimately compromised four user accounts, none of which were associated with the US campaign or US government officials.
"Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them," said Tom Burt, corporate vice president of customer security and trust for Microsoft, in a blog post about the incident today.
The hackers spoofed password reset or account recovery alerts as a way to infiltrate the victim accounts. "For example, they would seek access to a secondary email account linked to a user's Microsoft account, then attempt to gain access to a user's Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets," Burt explained.
Phosphorus has been a relatively active threat group. Microsoft in March took down 99 phishing and other malicious websites run by Phosphorus, and the group was spotted in December 2018 targeting email accounts of US Treasury members, defenders, detractors, Arab atomic scientists, Iranian civil society figures, DC think-tank employees, and officials charged with enforcing the former US-Iran nuclear deal.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Rethinking Cybersecurity Hiring: Dumping Resumes & Other 'Garbage.'"
About the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024