Microsoft revealed that the threat actor group ‘Phosphorus’ attempted to breach email accounts belonging to a US presidential election campaign, current and former US government officials, journalists covering global politics and prominent Iranians living outside of Iran.
What is Phosphorus?
- According to the Microsoft team, Phosphorus is also known as APT35, Charming Kitten and Ajax Security Team.
- Phosphorus originates from Iran and is a state-sponsored cyber group attached to the Iranian military that has been involved in myriad cyber attacks since 2013.
How was the US 2020 campaign attacked?
Over a 30-day period in August and September, Phosphorus made 2,700 attempts to identify Microsoft email accounts before attacking 241 of those accounts.
As a result of these attempts, only four email accounts were breached; none of them belonged to the presidential campaign or government officials. The owners of these four accounts have been notified.
Initially, the hackers breached the victim's secondary email inbox associated with their Microsoft account, then used it to reset the password. As soon as the reset link arrived in the secondary inbox, the hackers used it to access the primary Microsoft account.
The domains and their websites were used to send emails alerting recipients to a security risk and to trick them into handing over their account credentials.
The report of attacks showed how cybersecurity would be a significant issue in the U.S. 2020 election.
“Phosphorus has been attacking personal as well as official work accounts. They create believable spear phishing emails and fake LinkedIn profiles as primary tactics,” said Bob Lord, the DNC’s security chief.
In March, Microsoft announced that it had taken control of 99 domains used by an Iran-linked APT group tracked by the company as Phosphorus.
The Iranian government did not issue any immediate comment through state-run media on Microsoft’s statement.
Relations between the United States and Iran
Tension between the United States and Iran has been rising since May 2018. Trump withdrew from a 2015 international nuclear accord with Tehran that had put limits on its nuclear program in exchange for the easing of sanctions. Since then Trump has reinstated U.S. sanctions, increasing pressure on the Iranian economy, including its oil trade.
Microsoft charged the group Phosphorus with the hacking attempt. Microsoft’s digital crimes unit has taken legal and technical steps to combat Phosphorus attacks and will continue to take these types of actions.