Microsoft Says Iranian Hackers Already Trying To Compromise US Political Campaigns


The 2020 United States presidential election is over a year away, but there have already been several cyberattack attempts against presidential campaigns. Microsoft recently reported that a hacker group attacked nearly 250 accounts related to campaign workers, government officials, and reporters. The affected users have been notified and Microsoft has published information about the attack as a warning for others.

The Microsoft Threat Intelligence Center (MSTIC) noted that an Iranian hacker group referred to as “Phosphorus” attempted to identify the owners of more than 2,700 accounts. The hackers then attacked 241 of these accounts and successfully compromised four of them.

The accounts belonged to government officials, presidential campaign workers, and journalists who report on stories about the Iranian government and politics. The four compromised accounts thankfully did not belong to anyone currently working for the United States government or a presidential campaign.

It is bad enough that a hacker group could access and manipulate these accounts, but it can also be dangerous for the group to learn the identity of the accounts’ owners. Many journalists and activists rely on privacy to protect them from physical harm. Account access could provide hackers with information about the owner’s location, contacts, etc.


The affected accounts are part of Microsoft’s AccountGuard initiative. Members of political campaigns, political party committees, government officials, NGOs, and journalists can sign up for an AccountGuard account. Microsoft’s team monitors and warns of threats, offers security advice and training, and allows customers to adopt previews of new programs. The purpose of the program is to protect elections, campaigns, and people “working on issues related to democracy” from cyberattacks. 

Phosphorus Hacker Group

How was Phosphorus able to compromise these accounts? The hackers attempted to manipulate password reset and other account recovery features. According to Microsoft, they would “seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account.”

This particular cyberattack was not widespread, but Microsoft is concerned about the hackers’ determination and dedication. They remarked, “This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.” This is not the first time Microsoft has tangled with Phosphorus. This past spring, Microsoft received a court order to take down domains that were controlled by Phosphorus. Let’s hope that these kinds of groups will not be able to disrupt or influence any of the upcoming elections.