Microsoft says Iran hackers targeted US presidential campaign
Only four accounts were compromised as a result of the 'significant cyber activity of the threat group'
Microsoft on Friday said a hacker group linked to Iran unleashed cyber attacks on US journalists, government officials, accounts associated with a US presidential campaign and prominent expatriate Iranians.
Only four accounts were compromised as a result of the "significant cyber activity of the threat group," Tom Burt, Microsoft's corporate vice president of computer security and trust, said in an online post.
He did not identify which presidential candidate's campaign was in the crosshairs of hackers, nor whose accounts were breached.
A group Microsoft dubbed "Phosphorous" tried to identify email accounts of targets that included US officials, journalists covering global politics, prominent Iranians living outside that country, and a presidential campaign, according to Burt.
"Phosphorous used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts," Mr Burt said.
Reuters and The New York Times reported that the attack targeted President Donald Trump's reelection campaign, but this could not be independently confirmed.
Tim Murtaugh, spokesman for Mr Trump's 2020 reelection campaign, said there was "no indication that any of our campaign infrastructure was targeted".
During a 30-day period that ended in September, Microsoft Threat Intelligence Center spied more than 2,700 attempts to identify email accounts of targets, according to the US computing colossus.
Microsoft believed that Phosphorous "originates from Iran and is linked to the Iranian government."
Mr Burt said that Microsoft notified those whose accounts were targeted, advising them to ramp up their online defenses.
The attacks were not technically sophisticated, attempting to use personal information such as telephone numbers gathered to identify email accounts or dupe systems into allowing passwords to be reset.
"This effort suggests Phosphorous is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering," Mr Burt said.
The company has previously taken legal steps to combat Iran-linked hackers, suing them in federal court in Washington DC, so Microsoft could take control of websites Phosphorous used to conduct hacking operations and to stop attacks.
The US. Department of Homeland Security said it was working with Microsoft to "assess and mitigate impacts." Chris Krebs, director of the department's Cybersecurity and Infrastructure Security Agency, said much of the activity is likely "run-of-the-mill" foreign intelligence service work.
But, "Microsoft's claims that a presidential campaign was targeted is yet more evidence that our adversaries are looking to undermine our democratic institutions," Mr Krebs said.
Facebook early this year shut down more than 2,600 fake accounts linked to Iran, Russia, Macedonia and Kosovo that were aiming to influence political sentiment in various parts of the world.
It was part of an ongoing effort by the leading social network to shut down "inauthentic" accounts on Facebook and Instagram seeking to influence politics in the United States and elsewhere.
In the action, Facebook said it removed 513 pages, groups and accounts tied to Iran that were operating in Egypt, India, Indonesia, Israel, Italy, Kashmir, Kazakhstan and various areas of the Middle East and North Africa.
In January, Facebook took down hundreds of accounts from Iran that were part of a vast manipulation campaign operating in more than 20 countries.
Updated: October 5, 2019 01:17 PM