Iran-linked Hackers Target Trump 2020 Campaign, Microsoft says

Iranian us cyberattack

A group called Phosphorous has been trying to access Microsoft-based email accounts of people associated with the campaign.

A group of hackers tied to Iran has been attempting to break into accounts associated with the 2020 reelection campaign of President Trump, researchers have discovered.

Researchers from the Microsoft Threat Intelligence Center said they first observed activity from a group called Phosphorus in August, the company reported in a recent blog post.

Later, news outlet Reuters identified those accounts as belonging to members of the Trump campaign, noting that “Trump’s official campaign website is the only one of the remaining major contenders’ sites that is linked to Microsoft’s cloud email service.”

Specifically, during a 30-day period between August and September, Microsoft researchers observed Phosphorus making made more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers. The hackers then tried to attack 241 of those accounts, according to Microsoft.

“The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran,” the company said.

Phosphorus was successful in compromising four accounts not related to the campaign or current or former U.S. officials, Microsoft said. The company worked with those affected to secure the accounts, according to the post.

While the attacks themselves were not “technically sophisticated,” what was significant about them is that attackers used a lot of personal information to identify targets and also to attempt their attacks, according to Microsoft.

“This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering,” researchers said.

Specifically, attackers used information to try to reset passwords or use account-recovery features in their attempts to take over some targeted accounts, researchers said.

One type of attack was an attempt to gain access to a secondary email account linked to a user’s Microsoft account and then, once achieved, try to use verification sent to that secondary account to access the Microsoft account. Attackers even used phone numbers of their targets to try to authenticate password resets in their attempts to hack accounts, according to Microsoft.

Since it’s believed that Russia interfered with the 2016 election, evidence of potential interference by Iranian hackers in the upcoming elections is certainly troubling, but not surprising, said experts. One prominent Iran political expert noted that the Islamic state has a vested interest in the election and its outcome.

“Who becomes the next U.S. President is critical to the survival of the Islamic Republic, [especially] as sanctions take their toll and the regime figures out a way to return America to JCPOA,” Alireza Nader, CEO of New Iran and former RAND analyst, Tweeted.

The JCPOA is the Joint Comprehensive Plan of Action, better known as the Iran nuclear deal—an agreement between Iran and most of the members of the United Nations security council. President Trump has taken a hardline stance against Iran not only with sanctions, but also with his controversial withdrawal last year from the JCPOA.

Iran historically has met political action against the country with increased cyber attack activity, according to research firm Recorded Future. Consequently, it seems Iran state-sponsored actors have significantly ramped up their cyber attacks against the U.S. as hostilities between the two countries have increased.

The Islamic nation in recent months has bolstered its cyber assault on the U.S. government, with cyber espionage activity reported against government contractors in May and Iranian-backed cyber attacks with destructive wiper malware reported against government agencies in June.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.