Microsoft: Iran government-linked hacker targeted 2020 presidential campaign – USA TODAY
A hacker linked to the Iran government made more than 2,700 attempts to target email addresses belonging to a 2020 U.S. presidential campaign, government officials, journalists and prominent Iranians living abroad, the tech giant Microsoft said Friday.
The company said that four email accounts were compromised by the group it calls “Phosphorous,” but none of those compromised accounts were associated with a presidential campaign or current U.S. government officials.
“Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them,” Tom Burt, Microsoft vice president for customer security and trust, wrote in a blog post.
A company spokesman declined to identify which campaign or individuals Phosphorous targeted.
The targeted attacks come while anxiety about Russian interference in the 2016 election has not receded.
In March 2016, two cyber units of the Russian military agency called “GRU” sent hundreds of spear-phishing emails to email addresses associated with former Secretary of State Hillary Clinton’s presidential campaign and the Democratic National Committee. The spear-phishing campaign allowed them to gain access to John Podesta’s email accounts. Podesta was Clinton’s campaign chairman.
The group WikiLeaks released more than 20,000 emails and other documents stolen in the hacks three days before the Democratic National Convention. WikiLeaks then released more than 50,000 documents stolen from Podesta’s personal email account in the month leading up to Election Day 2016.
Tim Murtaugh, a campaign spokesman for President Donald Trump’s reelection campaign, initially declined to comment on whether it was targeted in the newly-revealed Iran-linked attack. But Murtaugh later added that the campaign has “no indication that any of our campaign infrastructure was targeted.”
Campaign officials with the teams of former Vice President Joe Biden and Sen. Bernie Sanders declined to comment, citing policies of not discussing security matters.
Ian Sams, a spokesman for the campaign of Democratic White House hopeful Kamala Harris, said the campaign has received “no indication that our campaign is the one Microsoft referenced or that we have been targeted by this attack.”
“But we have taken appropriate steps since the beginning of our campaign to protect ourselves against hacking attempts and will continue to do so,” Sams added.
Officials for the campaigns of Elizabeth Warren and Pete Buttigieg, the other top-polling Democrats, did not respond to requests for comment.
Microsoft says Phosphorous used information gathered from researching its targets, or obtained by other means, to game password reset or account recovery features and attempt to take over targeted accounts.
“For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account,” Burt said. “In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”
Microsoft said it decided to publicize the hack, which it described as “not technically sophisticated,” because it felt it’s increasingly important for the government and private sector to be transparent about nation-state attacks and attempts to disrupt democratic processes.
The company added that publishing the information would also help other organizations associated with election processes to be more vigilant.
Iran is lesser known among U.S. adversaries for its cyberattack capabilities. Tehran’s most notable suspected cyberattacks targeted Israel, Turkey, the United Kingdom, and the U.S. in 2010 following a collaborative attack against Iran’s nuclear program by the U.S. and Israel.
“This series of attacks is notable for their lack of sophistication. The attackers didn’t try to crack passwords or engage in phishing attacks,” said Mike Chapple, associate teaching professor of IT, analytics, and operations at the University of Notre Dame. “Instead, they took advantage of Microsoft’s password recovery mechanisms, attempting to take over the secondary email accounts and phone numbers used to reset forgotten passwords.”