Iran-linked hackers tried to compromise presidential campaign, Microsoft says
A group of hackers believed to be linked to the government of Iran tried to access email accounts associated with a U.S. presidential campaign, Microsoft announced Friday.
The company said that it had seen "significant cyber activity" from a group of hackers that it believes "originates from Iran and is linked to the Iranian government."
Microsoft said that its threat-tracking operation found the group attacked 241 email accounts associated with current and former U.S. government officials, journalists, prominent Iranians outside Iran and one U.S. presidential campaign. Microsoft did not name the campaign that was targeted.
The company said that the attack on the campaign was unsuccessful but that the hackers were able to access four accounts not associated with the campaign or the current and former government officials.
Tom Burt, vice president of customer security and trust for Microsoft, wrote in a blog post that the Iran-linked group, which the company refers to by the name Phosphorous, gathered information about people in an attempt to trick them into falling for phishing schemes, in which the group attempted to use password reset or account recovery features to take over accounts.
"While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks," Burt wrote. "This effort suggests Phosphorous is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering."
While Russia remains a fixture of election security concerns, other nations have also emerged as legitimate threats. In January, then-Director of National Intelligence Dan Coats warned that numerous countries — including China and Iran — are poised to try to influence American politics and that they are expected to be honing their tactics and coming up with new exploits.
Former special counsel Robert Mueller concluded in his report on Russia's 2016 election interference efforts that the emails were transmitted from a Russian-government proxy to a third party, which eventually gave them to Wikileaks.
Despite widespread agreement that foreign adversaries will attempt to influence the election, the U.S. government has been slow to approve the funding necessary to help local jurisdictions prepare for 2020. In September, Senate Majority Leader Mitch McConnell reversed course and announced support for an appropriations bill that would earmark $250 million for election security.
But the U.S. has also been reticent under President Donald Trump to join international efforts to address cybersecurity issues. The U.S. did not sign on to the Paris Call for Trust and Security in Cyberspace, which received support from more than 50 countries and 130 private companies and groups.
In the blog post, Burt urged "all governments, companies and advocacy groups" to consider joining the agreement, as well as the Cybersecurity Tech Accord, another public cybersecurity commitment signed by more than 100 companies.
"These are two important initiatives that aim to keep the internet safer from the types of malign activity we’re discussing today," he wrote.