Hacking group linked to Iranian gov’t tried to break into US Presidential candidate’s email, says Microsoft

Kareem Anderson


Reporting of nation-state attacks has increased over the past few years as both journalists and targeted entities become more transparent about the data and personal information of citizens, customers and users that is put at risk.

Either directly or by proxy, tech companies have increasingly been getting involved with local and state governments to help combat meddling as well as to protect their users from the growing wave of nation-state attacks, some of which are directed at disrupting the democratic processes within countries.

Microsoft most notably has developed and cultivated its AccountGuard service to help “monitor accounts of campaigns and other associated organizations related to election processes in democracies around the world, publishing this information should help others be more vigilant and take steps to protect themselves.”

In doing so, Microsoft was able to monitor and help give notice of 2,700 attempts by a threat group it dubbed Phosphorus, which is linked to the Iranian government, to identify consumer email accounts that were linked to specific Microsoft customers. In this nation-state attack, Phosphorus targeted 241 accounts associated with “U.S. presidential campaign, current, and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.”

Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts. For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.
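The recovery-abuse pattern described above leaves a trace defenders can correlate in sign-in and recovery logs. The following Python detection logic is an added example, not code from Microsoft or the original article; the event schema, account names, IP addresses and the 24-hour window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window, tune per environment

# Constructed sample events; the schema is hypothetical, not a Microsoft log format.
def ev(ts, kind, account, ip, **extra):
    return {"ts": datetime.fromisoformat(ts), "type": kind, "account": account, "ip": ip, **extra}

EVENTS = [
    ev("2019-09-01T08:00", "login_ok", "alice@corp.example", "192.0.2.10"),
    ev("2019-09-01T08:05", "login_ok", "alice.home@mail.example", "192.0.2.10"),
    ev("2019-09-01T08:10", "login_ok", "dave@corp.example", "192.0.2.40"),
    ev("2019-09-01T08:15", "login_ok", "carol@corp.example", "192.0.2.30"),
    # Recovery mailbox opened from a new IP, then used to reset the primary account.
    ev("2019-09-03T02:00", "login_ok", "alice.home@mail.example", "203.0.113.50"),
    ev("2019-09-03T02:20", "reset_completed", "alice@corp.example", "203.0.113.50",
       channel="email", sent_to="alice.home@mail.example"),
    # Owner resetting while travelling: new IP, but no new-IP login on the recovery mailbox.
    ev("2019-09-04T09:00", "reset_completed", "dave@corp.example", "198.51.100.77",
       channel="email", sent_to="dave.home@mail.example"),
    # Phone-verified reset from an IP never seen for this account.
    ev("2019-09-05T03:00", "reset_completed", "carol@corp.example", "198.51.100.9", channel="sms"),
]

def find_recovery_abuse(events):
    """Return (account, reason) for resets matching the recovery-abuse pattern."""
    known_ips, new_ip_logins, alerts = {}, {}, []
    for e in sorted(events, key=lambda e: e["ts"]):
        seen = known_ips.setdefault(e["account"], set())
        unfamiliar = bool(seen) and e["ip"] not in seen  # needs a baseline first
        if e["type"] == "login_ok":
            if unfamiliar:
                new_ip_logins.setdefault(e["account"], []).append(e["ts"])
            seen.add(e["ip"])
        elif e["type"] == "reset_completed" and unfamiliar:
            if e["channel"] == "email":
                # Was the recovery mailbox itself just opened from a new IP?
                recent = [t for t in new_ip_logins.get(e["sent_to"], [])
                          if e["ts"] - t <= WINDOW]
                if recent:
                    alerts.append((e["account"], "secondary-mailbox"))
            elif e["channel"] == "sms":
                alerts.append((e["account"], "phone"))
    return alerts

if __name__ == "__main__":
    for account, reason in find_recovery_abuse(EVENTS):
        print(f"ALERT {account}: reset verified via {reason} from unfamiliar IP")
```

The email rule only works when the recovery mailbox's sign-in logs are visible to the defender; for external personal mailboxes, the unfamiliar-IP reset on the primary account is the only signal available.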

Unfortunately, four accounts were compromised. Microsoft is staying mum on the details of those breaches but has notified the customers directly and helped to re-secure them.

In the wake of the attacks and breach, Microsoft is calling not only on governments to help combat these constant attacks but also on customers to be aware and take the necessary steps to keep themselves safe from sophisticated and, in this instance, unsophisticated but persistent attacks.