Microsoft Says Iranians Tried To Hack U.S. Presidential Campaign
BY SHANNON BOND
Microsoft says a hacker group with ties to Iran has targeted a U.S. presidential campaign, in the latest sign that foreign governments may try to influence the 2020 election.
In a blog post published Friday, Tom Burt, a Microsoft security executive, said the company has seen “significant cyber activity” by a group it is calling Phosphorus. Burt said Microsoft believes the group “originates from Iran and is linked to the Iranian government,” although he did not say how the company reached that conclusion.
A Microsoft spokesman declined to name the campaign, citing privacy concerns. Burt said the hackers also tried to break into the accounts of current and former U.S. government officials, journalists covering politics and prominent Iranians living outside Iran.
The attacks took place in August and September, according to Microsoft. Burt said hackers made more than 2,700 attempts to identify email accounts connected to specific customers and carried out attacks on 241 of those accounts.
They compromised four accounts, but none were associated with the political campaign or government officials, Microsoft said.
The hackers collected personal information, including phone numbers, in their efforts to gain access to the email accounts using password reset or account recovery functions, the company said.
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” Burt wrote in the blog post. “This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
Intelligence agencies have warned that foreign governments including Iran may try to influence American politics leading up to next year’s election.
In July, Burt said Microsoft had flagged nearly 800 cyberattacks suspected of being carried out by nation-states on political organizations.
Facebook and Twitter have each suspended hundreds of accounts originating from Iran that were linked to a coordinated disinformation campaign.