Microsoft recently discovered that Iranian hackers targeted Trump’s campaign and tried to break into it. The discovery was made by the Microsoft Threat Intelligence Centre.
Microsoft calls the Iran-linked hacker group Phosphorus and has tracked its activity in the past. The group is also known as APT 35 and Charming Kitten. In March, unsealed court records revealed that Microsoft had obtained a court order to take over and dismantle 99 websites the group had used to drive its attacks.
Hackers connected to the Iranian government have targeted a U.S. presidential campaign, Microsoft stated Friday. While Microsoft wouldn’t say which candidate’s operations the Iranian hackers hit, sources said it was President Trump’s reelection campaign in the crosshairs.
According to the official blog, the Phosphorus hacking group made around 2,700 attempts to identify email accounts belonging to specific Microsoft customers. Based on this, the group then tried hacking 241 of the identified accounts.
Microsoft announced it notified the customers attacked and has worked with those whose accounts were compromised to secure them. It refused to disclose the names of the account holders, including the presidential campaign that had been targeted. Microsoft declined to comment beyond a blog post publishing the news on Friday.
Tim Murtaugh, a spokesman for President Trump’s 2020 campaign, said he has “no indication that any of our campaign infrastructures was targeted.” Asked to explain whether Microsoft had contacted the campaign about Iranian targeting of either the campaign or campaign personnel’s personal email accounts, Murtaugh said: “We have no further comment.”
Even so, the reported targeting of Trump’s campaign by Iranian hackers has put cybersecurity intelligence firms on alert.
Iranian hackers have steadily ramped up their actions against US targets since roughly October 2017, when Trump first stated that he would not recertify the 2015 nuclear agreement with Iran reached under the Obama administration.
Over the past few months, tensions between the two countries have escalated even further, fueling combative rhetoric from Trump and cyber aggression on both sides.
More troublingly, the attack drives home the point that experts have long warned about: Russia’s not the only country interested in interfering in the 2020 US election.
“Due to the success of the Russians in the 2016 US election, their model is being emulated across the globe,” says Jeff Bardin, chief intelligence officer of the cybersecurity intelligence firm Treadstone, which tracks Iranian hacking activity.
Phosphorus, Microsoft stated, made more than 2,700 attempts to identify people’s email accounts over a 30-day period in August and September. It then attacked 241 accounts.
“The targeted accounts are associated with a US presidential campaign, current and former US government officials, journalists covering global politics and prominent Iranians living outside Iran,” Microsoft said.
“In terms of who Iran might target in the US, you would have to ask yourself what candidate or candidates would best suit Iranian needs as a president of the United States.
And the exciting thing with that is that Iran’s effort would likely be counter to the efforts of Russian cyber-operations and those of other countries. So what you end up having is the potential for various massive efforts to manipulate the American voter that may turn to absolute noise and contradictory data.”
“Today we’re sharing that we’ve recently seen significant cyber activity by a threat group we call Phosphorus, which we believe originates from Iran and is linked to the Iranian government,” a Microsoft announcement explains.
The threat group first researched the targeted users, then used that information to try to game the password recovery and reset features.
For example, the group tried to reach a user’s secondary account and then get into the user’s Microsoft account via the confirmation process. This process gave the hackers personal data about the targets to use in attacking them.
Phosphorus used the websites Microsoft seized this spring to trick visitors into downloading malicious software that appeared authentic. But that was only one of the group’s tactics. In Phosphorus’s latest attempts, the group tried to trick users into giving up codes that are used for two-factor authentication.
The fact that these attacks rely on social engineering, rather than technical skill, makes them particularly difficult to thwart. Tech giants can often detect digital anomalies intended to undermine email and server software.
But it’s much harder to use algorithms to detect phishing attempts aimed at tricking users. In May, Microsoft offered software to federal campaigns and national political committees to help prevent such breaches.
While the Phosphorus attacks were not “highly sophisticated”, Microsoft calls the group “highly motivated and willing” to pursue such efforts.
With the blog post, Microsoft aims to make people around the world aware of these security threats and of ways to counter them.
Microsoft asks users to enable two-factor authentication, which can be done in the account’s security settings. Furthermore, the company encourages users to keep track of their account’s login activity. If a user finds anything suspicious, they should notify Microsoft and change the account password.
The level of research that went into identifying targets was especially noteworthy, Wikoff stated, as social media and other tools become more and more central to the suspected hackers’ tactics.
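To illustrate the kind of login-activity review recommended above, the following added example (not from Microsoft or the original article) scans an account-activity history for the password-recovery pattern described earlier: a recovery code requested from an unfamiliar address, followed shortly by a password reset. The event field names, event kinds and sample records are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data); field names and kinds are assumptions.
EVENTS = [
    {"t": "2019-09-01T08:02", "acct": "alice", "ip": "198.51.100.7", "kind": "signin_ok"},
    {"t": "2019-09-03T21:14", "acct": "alice", "ip": "203.0.113.50", "kind": "recovery_code_sent"},
    {"t": "2019-09-03T21:19", "acct": "alice", "ip": "203.0.113.50", "kind": "password_reset"},
    {"t": "2019-09-03T21:25", "acct": "alice", "ip": "203.0.113.50", "kind": "signin_ok"},
    {"t": "2019-09-02T09:00", "acct": "bob", "ip": "192.0.2.10", "kind": "signin_ok"},
    {"t": "2019-09-04T09:30", "acct": "bob", "ip": "192.0.2.10", "kind": "password_reset"},
]

def review_activity(events, window=timedelta(minutes=30)):
    """Return (acct, ip, reason) findings for recovery activity from unfamiliar IPs."""
    findings = []
    familiar = {}  # acct -> IPs seen in earlier successful sign-ins
    pending = {}   # (acct, ip) -> time of the last recovery code request
    for e in sorted(events, key=lambda e: e["t"]):
        when = datetime.fromisoformat(e["t"])
        acct, ip, kind = e["acct"], e["ip"], e["kind"]
        known = ip in familiar.get(acct, set())
        if kind == "recovery_code_sent" and not known:
            pending[(acct, ip)] = when
            findings.append((acct, ip, "recovery code requested from unfamiliar IP"))
        elif kind == "password_reset" and not known:
            started = pending.get((acct, ip))
            if started is not None and when - started <= window:
                findings.append((acct, ip, "password reset completed after recovery request"))
            else:
                findings.append((acct, ip, "password reset from unfamiliar IP"))
        elif kind == "signin_ok":
            # A sign-in that follows a flagged recovery must not make the IP "familiar".
            if (acct, ip) not in pending:
                familiar.setdefault(acct, set()).add(ip)
    return findings

if __name__ == "__main__":
    for acct, ip, reason in review_activity(EVENTS):
        print(f"{acct}: {reason} ({ip})")
```

A reset from an address the account has already signed in from, like the second sample account's, produces no finding.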
“This group and other Iranian groups are very focused on the credentials of particular people of interest, whether they be U.S. government officials or people working for other types of companies that may be of strategic interest to the Iranian government,” Wikoff maintained.
Microsoft did not immediately answer requests to confirm that the hackers targeted the Trump campaign.
The U.S. has traditionally been targeted by Iran in times of conflict, particularly when the federal government imposes new sanctions on it.
The Trump administration had been threatening new sanctions against Iran throughout the summer and imposed new sanctions on Sept. 4 against the country’s shipping network and on Sept. 20 against Iran’s central bank.