A group of hackers linked to the Iranian government mounted a hacking campaign against a 2020 US presidential candidate, Microsoft said Friday, but they were ultimately unsuccessful in gaining access to sensitive accounts or emails from the candidate.
- Microsoft, which is calling the state-backed Iranian hacking group “Phosphorus,” found that during a 30-day period between August and September, hackers made 2,700 attempts to attack 241 Microsoft email accounts.
- In addition to the presidential candidate, Iran targeted current and former US government officials, journalists covering global politics and prominent Iranians living outside Iran, Microsoft said.
- The hackers used personal information, such as a phone number or a secondary email address, to try and trigger a user or password reset. Their methods weren’t technically sophisticated, but Microsoft did say they gained a significant amount of personal information and considerable time and resources to identify accounts.
- Four accounts not associated with the presidential campaign or government officials were compromised.
- Microsoft did not name the presidential campaign subject to the hack, but said it has notified users whose emails may have been compromised.
“It is important that we all—governments and private sector—are increasingly transparent about nation-state attacks and efforts to disrupt democratic processes,” Tom Burt, corporate vice president, customer security and trust, said in a blog post.