A hacking group tied to the Iranian government reportedly made unsuccessful attempts to break into President Trump’s 2020 re-election campaign infrastructure.
The Trump attack was part of a 30-day volley of cyber strikes on hundreds of email accounts belonging to Microsoft customers launched by a cyber crew known as Phosphorus. The hackers made about 2,700 forays aimed at Microsoft customers' email accounts this past August and September, ultimately zeroing in on 241 of those accounts, Microsoft said in a blog post.
The hackers specifically tried to infiltrate accounts belonging to current and former U.S. government officials, journalists covering global politics and “prominent” Iranians living outside of Iran, Tom Burt, Microsoft customer security and trust corporate vice president, wrote in the blog. Four email accounts were compromised in the cyber raid, Burt said, none of which were associated with the U.S. presidential campaign or federal government officials. Reuters reported, however, that the threat group went after the Trump 2020 re-election campaign. A Trump spokesperson told the media outlet that the campaign had “no indication that any of our campaign infrastructure was targeted.”
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” he said. “This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
The group’s playbook apparently centered on using information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts. “They would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account,” Burt said. “In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”
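The recovery-flow abuse Burt describes (verification sent to a secondary email, phone numbers used to assist password resets) leaves a distinctive trail in account-recovery telemetry. The script below is an added example, not Microsoft's own detection logic or telemetry format: it parses a constructed, space-separated recovery log and raises two kinds of alert, one for a single source initiating recovery on many distinct accounts in a short window (the fan-out pattern behind the 2,700 attempts), and one for a password reset completed through a recovery contact that had been changed shortly beforehand. The field layout, event names, thresholds and sample IP addresses are all assumptions chosen for the example.

```python
"""Detection sketch for account-recovery abuse (added example; log format,
event names and thresholds are assumptions, not Microsoft's telemetry)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real data.
# Columns: timestamp  account  event  source_ip  recovery_channel
SAMPLE_LOG = """\
2019-08-20T08:50:00 alice@example.org recovery_contact_changed 198.51.100.7 secondary_email
2019-08-20T09:01:00 alice@example.org recovery_started 198.51.100.7 secondary_email
2019-08-20T09:05:00 alice@example.org password_reset 198.51.100.7 secondary_email
2019-08-20T09:06:00 bob@example.org recovery_started 198.51.100.7 phone
2019-08-20T09:07:00 carol@example.org recovery_started 198.51.100.7 phone
2019-08-20T09:08:00 dave@example.org recovery_started 198.51.100.7 secondary_email
2019-08-20T09:09:00 erin@example.org recovery_started 198.51.100.7 secondary_email
2019-08-21T14:00:00 grace@example.org recovery_started 203.0.113.9 secondary_email
2019-08-21T14:03:00 grace@example.org password_reset 203.0.113.9 secondary_email
2019-08-25T10:00:00 heidi@example.org recovery_contact_changed 192.0.2.44 phone
2019-08-27T10:00:00 heidi@example.org recovery_started 192.0.2.44 phone
2019-08-27T10:02:00 heidi@example.org password_reset 192.0.2.44 phone
"""


def parse_log(text):
    """Parse the constructed log into time-sorted event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, event, source, channel = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "account": account,
                       "event": event, "source": source, "channel": channel})
    return sorted(events, key=lambda e: e["ts"])


def detect_fan_out(events, min_accounts=5, window=timedelta(hours=1)):
    """Rule A: one source starts recovery on many distinct accounts within the window.
    A legitimate user recovers one or two accounts; a campaign touches many."""
    by_source = defaultdict(list)
    for e in events:
        if e["event"] == "recovery_started":
            by_source[e["source"]].append(e)
    alerts = []
    for source, evs in by_source.items():
        # Sliding window anchored at each recovery start; one alert per source.
        for i, first in enumerate(evs):
            accounts = {x["account"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(accounts) >= min_accounts:
                alerts.append({"rule": "recovery_fan_out", "source": source,
                               "accounts": sorted(accounts)})
                break
    return alerts


def detect_reset_after_contact_change(events, max_gap=timedelta(hours=24)):
    """Rule B: a reset completed through a recovery channel (secondary email or
    phone) whose contact details were changed shortly before the reset."""
    last_change = {}  # (account, channel) -> time of most recent contact change
    alerts = []
    for e in events:
        key = (e["account"], e["channel"])
        if e["event"] == "recovery_contact_changed":
            last_change[key] = e["ts"]
        elif e["event"] == "password_reset" and key in last_change:
            gap = e["ts"] - last_change[key]
            if gap <= max_gap:
                alerts.append({"rule": "reset_after_contact_change",
                               "account": e["account"], "channel": e["channel"],
                               "gap_minutes": int(gap.total_seconds() // 60)})
    return alerts


def run(text=SAMPLE_LOG):
    """Run both rules over a log and return the combined alert list."""
    events = parse_log(text)
    return detect_fan_out(events) + detect_reset_after_contact_change(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample, the fan-out rule fires for the source that starts recovery on five accounts inside ten minutes, and the contact-change rule fires for the reset completed fifteen minutes after the secondary email was changed; the reset two days after a phone change falls outside the 24-hour gap and is not flagged. In production the thresholds would be tuned against baseline recovery volume, and the second rule is most useful when paired with a notification to the account's previous contact details whenever recovery information changes.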
Microsoft has notified the customers related to these investigations and threats and has secured the compromised accounts as requested, Burt said. Microsoft’s Digital Crimes Unit is also on the case. While the vendor has processes in place to notify customers about nation-state cyber events along with its AccountGuard service to monitor political campaign accounts, it went public with word of the email attacks to help others “be more vigilant and take steps to protect themselves,” Burt wrote. It’s important for the public and private sector to be more “transparent about nation-state attacks and efforts to disrupt democratic processes,” he said.