An Iranian government-linked group of computer hackers tried to infiltrate email accounts of a U.S. presidential campaign, current and former U.S. officials and journalists, among others, Microsoft Corp. said.
Four accounts, though none connected to the unnamed presidential campaign or the current and former U.S. government officials, were “compromised” by the group, called Phosphorus, Tom Burt, Microsoft’s vice president for customer security & trust, said Friday in a blog post.
The attacks took place “in a 30-day period between August and September,” Burt said in the post. Phosphorus made “more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts,” he said. “The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.”
Microsoft’s announcement comes as the presidential campaign heats up amid concerns the 2020 election faces the same dangers as the Russian hacking and social-media effort in 2016.
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” Burt said in the post. “This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
Reuters and the New York Times reported that President Donald Trump’s re-election campaign was targeted in an attack by Iranian hackers, citing people familiar with the issue. “We have no indication that any of our campaign infrastructure was targeted,” Tim Murtaugh, the Trump campaign communications director, said in a statement to Bloomberg.
Cyber-attacks during the 2016 election included the targeting of personal email. It’s unclear if the “consumer email accounts” highlighted by Microsoft are personal or official campaign accounts that would be considered part of a campaign’s infrastructure.
Spokesmen for the campaigns of Democratic presidential candidates Joe Biden and Bernie Sanders declined to comment. The campaign of Democrat Kamala Harris has “no indication” it was the organization referenced by Microsoft, Ian Sams, a campaign spokesman, said. Other major presidential campaigns couldn’t immediately be reached for comment.
The Democratic National Committee received an alert about the cyber-attack from Microsoft and warned the campaigns of its presidential candidates, according to an email obtained by Bloomberg News. “As always, please be sure everyone in the organization has completed the DNC Device and Account Security Checklist and that your organization is incorporating our top 10 list for running an effective security program,” the committee wrote in its email.
The campaigns were asked to tell the DNC if they “have seen any trace of this actor” so the committee could track investigations into the hack.
The Phosphorus group has previously targeted dissidents, activists, the defense industry, journalists and government employees in the U.S. and Middle East, according to Microsoft. The company announced in March it had taken successful court action against Phosphorus and seized 99 websites from the hackers, preventing them from using the pages for cyber-operations.
Cybersecurity company FireEye Inc. has seen a spike in Phosphorus activity in the U.S. and Middle East since the summer, said John Hultquist, the company’s director of intelligence and analysis.
“While we suspect that a lot of this activity is about collecting intelligence, Iran has a history of carrying out destructive attacks,” Hultquist said. Phosphorus, known by FireEye as APT 35, is “one of a handful of Iranian actors that we’ve seen actively carrying out large scale, noisy intrusion attempts,” which have taken place in countries including the U.S., Israel, the United Arab Emirates, and Saudi Arabia, he said.
In July, Microsoft announced it had countered almost 10,000 hacks globally stemming from state-sponsored attacks in the previous 12 months. The effort included hundreds of attacks on democracy-focused groups, particularly non-governmental organizations and think tanks, which were mostly based in the U.S., the company said.
Later that month, the Senate Intelligence Committee reported that Russia engaged in “extensive” efforts to manipulate elections systems throughout the U.S. from 2014 through “at least 2017.” And a Trump administration official said in June that Russia, China, and Iran are already trying to manipulate U.S. public opinion before 2020.