By Yaron
A hacking group that is apparently linked to the Iranian government has carried out a cyber attack against a US presidential campaign — as well as current and former American government officials, Microsoft announced Friday.
The software giant said it saw “significant” online activity by the group that also targeted journalists covering global politics and prominent Iranians living outside the country.
In a 30-day period between August and September, the group — dubbed “Phosphorous” — made more than 2,700 attempts to identify Microsoft consumers’ email accounts and then attacked 241 of the accounts, the company said in a blog post.
Phosphorus is also known as APT 35, Charming Kitten and Ajax Security Team, according to Microsoft.
“Four accounts were compromised as a result of these attempts; these four accounts were not associated with the US presidential campaign or current and former US government officials,” the company said.
“Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them.”
Hacking to interfere in elections has become a concern for governments, particularly after US intelligence agencies concluded that Russia ran an operation to disrupt the American democratic process to also help Donald Trump become president.
Microsoft, which been tracking Phosphorus since 2013, said in March that it had received a court order to take control of 99 websites the group used to carry out attacks.
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” the company said.
“This effort suggests Phosphorous is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
The company said its Digital Crimes Unit has “taken legal and technical steps to combat Phosphorus attacks.”
To help secure consumer accounts, Microsoft recommends that all customers enable two-step verification and to periodically check their login history.
