Advertisement
Subscribe to our daily newsletter.
Subscribe

Microsoft: U.S. presidential campaign, government officials targeted by recent hacking effort

Phosphorus, also known as APT35, has targeted email accounts associated with an unnamed U.S. presidential campaign along with current and former U.S. government officials.

By

Iran microsoft
(Getty Images)

Microsoft said Friday that an Iranian government-linked hacking group had targeted email accounts associated with an unnamed U.S. presidential campaign, along with current and former U.S. government officials.

The Iranian hackers’ other targets included “journalists covering global politics and prominent Iranians living outside Iran,” said Tom Burt, a corporate vice president at Microsoft.

Over 30 days between August and September, hackers made more than 2,700 “attempts” to identify email accounts belonging to specific customers, Microsoft said. From there, they attacked 241 of those accounts, the company said.

Four accounts were compromised as a result of those attacks. None of the breached accounts were associated with the U.S. presidential campaign or with current or former U.S. government officials, according to Microsoft. The company is working with the affected customers to secure their accounts, Burt said.

Advertisement

While Microsoft did not name the presidential campaign that the Iranian hackers targeted, Reuters reported that it was the Trump campaign. Tim Murtaugh, the Trump campaign’s director of communications, told Reuters the campaign had no indication that its infrastructure was targeted by the hackers.

CyberScoop could not independently confirm that the Trump campaign was targeted by the Iranian hackers. However, a search of public domain records did show that the Trump campaign’s email provider is Microsoft.

The Democratic National Committee on Tuesday sent an advisory to Democratic presidential campaigns flagging the Microsoft discovery. The Iranian hackers have been “attacking personal as well as official work accounts,” the DNC email said. “They create believable spear phishing emails and fake LinkedIn profiles as primary tactics.”

The DNC reiterated that Microsoft had seen the hacking group circumvent two-factor authentication in some cases, and urged campaigns to review a security checklist the DNC previously released.

The activity is the latest reminder that foreign governments will try to interfere in the 2020 U.S. election. On Thursday, the FBI and the Department of Homeland Security advised state election officials that the Russian government could use voter suppression tactics in an attempt to interfere in the 2020 U.S. election.

Advertisement

Burt described the hacking attempts as “not technically sophisticated,” but still clever: attackers gathered a good deal of personal information on their targets and used account recovery features to try to take over some email accounts.

The group, which Microsoft calls Phosphorus, has also been dubbed APT35 or Charming Kitten by cybersecurity companies. The group is known for targeting journalists and activists who focus on Iran.

In March, Microsoft used a court order to seize 99 websites that the hacking group was using to conduct cyberattacks.

Shannon Vavra contributed reporting. 

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Former U.S. President and Republican presidential candidate Donald Trump (L) and U.S. Senator from Ohio and Republican vice presidential candidate J.D. Vance attend a remembrance ceremony on the 23rd anniversary of the September 11 terror attack on the World Trade Center at Ground Zero, in New York City. (Photo by Adam GRAY / AFP)

Report: Chinese hackers used telecom access to go after phones of Trump, Vance

U.S. authorities said they are investigating “unauthorized access to telecommunications infrastructure” by hackers linked to China.
By Derek B. Johnson Tim Starks
An official election ballot sits on a table as residents vote using an absentee or mail-in ballot on October 15, 2024 in Doylestown, Pennsylvania. Registered voters in Pennsylvania can vote “On Demand” by requesting, a mail-in or absentee ballot filing it out and dropping it off all in one visit to their county election office or other designated location. (Photo by Hannah Beier/Getty Images)

Pennsylvania officials rebut false voter fraud claims from home and abroad

By Derek B. Johnson

Latest Podcasts

Special CyberTalks Edition with National Cyber Director Harry Coker

Image of a microphone for a podcast series

Tackling AI-powered threats with zero trust and least privilege access

Securing the Skies: Aerospace Cybersecurity with David Brumley

Verizon’s Lamont Copeland on defending against the expanding attack surface

Government

Technology

Threats

Geopolitics