Microsoft Says Iran-Linked Group Tried to Hack US Campaign

This July 2014 photo shows the Microsoft Corp. logo outside the Microsoft Visitor Center in Redmond, Wash. (AP Photo/Ted S. Warren, File)

WASHINGTON (CN) — A hacking organization linked to the Iranian government launched attacks on Microsoft email accounts associated with an undisclosed U.S. presidential campaign, the tech giant said Friday.

Over a 30-day period from August to September, the Microsoft Threat Intelligence Center observed 2,700 attempts by the hacking group Phosphorous to identify certain email accounts before 241 total attacks were carried out.

Four of the attacks were successful, but none of them compromised accounts that were linked to the unnamed presidential campaign. Other targets included U.S. government officials, journalists and prominent Iranians living outside the country.

A Friday blog post by Vice President Tom Burt says Microsoft disclosed the attacks to be more transparent about foreign attacks that target democratic functions. In July, the tech giants announced it had detected 740 attempts to infiltrate data by nation-state actors, targeting think tanks, nonprofits and U.S. political campaigns.

“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” Burt wrote. “This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”

In some instances, hackers would try to identify a user’s secondary email, then gain access to a primary account through a verification sent to the secondary email. In other cases, Phosphorus tried to use phone numbers to initiate password resets, according to Microsoft.

Foreign actors have previously targeted the U.S. government and politicians, with Russia’s 2016 disruption of the Democratic National Committee and Hillary Clinton campaign heightening American awareness of the threat and spurring an investigation by former special counsel Robert Mueller.

Friday’s announcement is a sign that foreign governments are looking for ways to potentially disrupt the 2020 presidential election as well.

A Monday report from CrowdStrike – the security firm hired by the DNC that analyzed the Russian hack five months before the 2016 election – said its Falcon OverWatch security system had identified China as one of the most active cyber threats this year. It has targeted health care, manufacturing, telecom and other industries more than any other nation, according to CrowdStrike.

Microsoft urged journalists and political campaigns to check their login history, which can show users where and when their last login was recorded.

The U.S. Department of Homeland Security said in a statement Friday that it will work with Microsoft to assess the level of the threat’s impact.

Chris Krebs, director of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said in a statement that most of the attacks were likely “run-of-the-mill” intelligence work.

“Microsoft’s claims that a presidential campaign was targeted is yet more evidence that our adversaries are looking to undermine our democratic institutions,” Krebs said.

%d bloggers like this: