Microsoft revealed that it had discovered a hacking group linked to the Iranian government had already tried to hack into the emails of one of the 2020 presidential campaigns.
In a blog post Friday, Microsoft Corporate Vice President of Customer Service & Trust Tom Burt explained that his company had "recently seen significant cyber activity by a threat group we call Phosphorus, which we believe originates from Iran and is linked to the Iranian government."
Phosphorus had tried to gain access to Microsoft customer email 2,700 times. It specifically targeted accounts belonging to "a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran."
Phosphorus were successful in four cases. However, Microsoft did not specify which cases those were, beyond saying that "these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials."
In this attempt, rather than using sophisticated methods Phosphorus used backup email accounts and similar methods to reset users's passwords, or to try to initiate an account recovery. However, Burt warned readers not to dismiss this attack simply because the methods were simplistic.
"While the attacks we're disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks," Burt wrote. "This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering."
He also encouraged all users, to secure their accounts, and urged journalists and campaign staff to check their login activity to make sure that other people were not trying to access their accounts.