Microsoft: U.S. presidential campaign, government officials targeted by recent hacking effort

Phosphorus, also known as APT35, has targeted email accounts associated with an unnamed U.S. presidential campaign along with current and former U.S. government officials.

Microsoft said Friday that an Iranian government-linked hacking group had targeted email accounts associated with an unnamed U.S. presidential campaign, along with current and former U.S. government officials.

The Iranian hackers’ other targets included “journalists covering global politics and prominent Iranians living outside Iran,” said Tom Burt, a corporate vice president at Microsoft.

Over 30 days between August and September, hackers made more than 2,700 “attempts” to identify email accounts belonging to specific customers, Microsoft said. From there, they attacked 241 of those accounts, the company said.

Four accounts were compromised as a result of those attacks. None of the breached accounts were associated with the U.S. presidential campaign or with current or former U.S. government officials, according to Microsoft. The company is working with the affected customers to secure their accounts, Burt said.


While Microsoft did not name the presidential campaign that the Iranian hackers targeted, Reuters reported that it was the Trump campaign. Tim Murtaugh, the Trump campaign’s director of communications, told Reuters the campaign had no indication that its infrastructure was targeted by the hackers.

CyberScoop could not independently confirm that the Trump campaign was targeted by the Iranian hackers. However, a search of public domain records did show that the Trump campaign’s email provider is Microsoft.

The Democratic National Committee on Tuesday sent an advisory to Democratic presidential campaigns flagging the Microsoft discovery. The Iranian hackers have been “attacking personal as well as official work accounts,” the DNC email said. “They create believable spear phishing emails and fake LinkedIn profiles as primary tactics.”

The DNC reiterated that Microsoft had seen the hacking group circumvent two-factor authentication in some cases, and urged campaigns to review a security checklist the DNC previously released.

The activity is the latest reminder that foreign governments will try to interfere in the 2020 U.S. election. On Thursday, the FBI and the Department of Homeland Security advised state election officials that the Russian government could use voter suppression tactics in an attempt to interfere in the 2020 U.S. election.


Burt described the hacking attempts as “not technically sophisticated,” but still clever: attackers gathered a good deal of personal information on their targets and used account recovery features to try to take over some email accounts.

The group, which Microsoft calls Phosphorus, has also been dubbed APT35 or Charming Kitten by cybersecurity companies. The group is known for targeting journalists and activists who focus on Iran.

In March, Microsoft used a court order to seize 99 websites that the hacking group was using to conduct cyberattacks.

Shannon Vavra contributed reporting. 

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
