A series of cyberattacks targeting U.S. presidential candidates and their campaigns, journalists, and current and former government officials is said to be linked to and backed by the Iranian government, according to a recently published report from Microsoft’s Threat Intelligence Center. According to Microsoft, the Phosphorus group is behind the attacks, and the hackers were observed making more than 2,700 attempts to identify Microsoft customer email accounts in a 30-day period between August and September. Of those, the hackers tried to gain access to 241 accounts.
To break into the accounts, Phosphorus used personal information about its targets gathered through extensive research. The information was used to game password reset and account recovery features, Microsoft said.
“For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account,” Microsoft detailed in its cybersecurity blog post. “In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”
Given the recent attacks, users are advised to enable multi-factor or two-factor authentication on online accounts that support these enhanced security measures. Microsoft also suggests that users monitor their account history log to see if any unauthorized logins were made or attempted.
Of the 241 attempted attacks, Microsoft reported that a total of four accounts were compromised. These accounts were not linked to any U.S. presidential campaigns or any government officials, and the company has notified affected account holders and is working with them to secure these accounts. Microsoft did not identify the owners of the hacked accounts.
Although these cyberattacks by Phosphorus come at a sensitive time as the U.S. heads into the 2020 presidential elections, it’s not the first time that the group has been linked to attacks on computer systems of businesses and governments. In the past, it’s been reported that Phosphorus would use spear-phishing techniques to steal trade secrets and gain access to sensitive information. Microsoft has been tracking the group’s activities since 2013, and Microsoft’s Digital Crimes Unit won a court case filed in the U.S. District Court for Washington D.C. that allowed the organization to take control of, and shut down, 99 websites used by Phosphorus in its hacks.