Someone tried to hack at least one 2020 U.S. presidential campaign as well as American journalists and government officials, according to a new warning from Microsoft. And that “someone” might be a group of hackers working for the Iranian government.
That stunning news was shared by Tom Burt, Microsoft’s corporate vice president for customer security & trust, in a post to Microsoft’s website Saturday, warning of “significant cyber activity” by a hacking group that they’re calling Phosphorus. At least four accounts of the 241 that Microsoft detected were compromised, the company said.
It is currently unknown which of the dozen remaining Democratic presidential campaigns is among those targeted.
In a 30-day period between August and September, the Microsoft Threat Intelligence Centre (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts.
The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran. Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials.
Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them.
Microsoft says that while the attacks aren’t very sophisticated from a technical point of view, they’re still a concern because the hackers are “highly motivated” and apparently “willing to invest significant time and resources” to get into targeted accounts. The company writes:
Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts.
For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.
While Microsoft says it believes Phosphorus “originates from Iran and is linked to the Iranian government,” it is notoriously difficult to attribute cyberattacks to specific groups or people.
What can people do to protect their accounts? Two-factor authentication is a must, though as we’ve seen, even that can be fooled through human intelligence gathering and tricky calls to customer service lines.
Further, two-factor authentication that uses SMS messages to deliver the authentication code is known to be insecure, as Microsoft appears to allude to in its warning: “In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.” Instead, use a physical security key or, if that’s unavailable, an authentication app like Authy or Google Authenticator.
Microsoft also encourages potential targets to check in their login history every so often to make sure that no one else is signing in using your credentials. Clearly, the hackers want information and aren’t your typical thieves looking to steal your credit card or banking login.
Trump has repeatedly encouraged foreign countries to interfere in U.S. elections, and while Trump isn’t on good terms with Iran right now, he’s clearly sending all the wrong signals about foreign interference in the 2020 presidential election.
Two-factor authentication on your accounts is good, throwing Trump out of office is great.