What you need to know
- Microsoft an Iranian hacking group has targeted a 2020 U.S. presidential campaign.
- The attacks occurred throughout August and September.
- Microsoft doesn't name the candidate who was targeted, but no email accounts associated with the campaign were compromised.
Microsoft revealed today that email accounts associated with the campaign for a 2020 U.S. presidential candidate were recently targeted by an Iranian hacking group (via The Verge). Microsoft doesn't name the candidate, but it says that none of the accounts were compromised.
According to Tom Burt, Microsoft's vice president of customer security and trust, the attacks took place through a 30-day period spanning August and September. During that period, the hacking group, dubbed Phosphorous, tried to identify specific Microsoft customer accounts and gain access to them.
"The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran," Burt said. "Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials."
Microsoft says it believes Phosphorous is linked to the Iranian government. The group ultimately attempted to gain access to 241 accounts by trying to access secondary email accounts or using phone numbers to authenticate password resets.
The attacks "were not technically sophisticated," Microsoft says. However, the hackers had access to "a significant amount of personal information" on their intended targets.
