Iran-linked hackers target ’20 race
Microsoft won’t identify presidential campaign singled out
WASHINGTON — Microsoft said Friday that hackers linked to the Iranian government targeted a U.S. presidential campaign, as well as government officials, media targets and prominent expatriate Iranians.
Overall, the hackers attempted to penetrate 241 accounts — four successfully — though none of those penetrated was associated with presidential campaigns or current or past U.S. officials, Microsoft said. A company spokeswoman declined to identify those targeted, citing customer privacy.
The announcement is the latest sign that foreign governments are looking for ways to potentially disrupt the 2020 presidential election. U.S. intelligence officials have sounded the alarm about the risks for months.
Russia’s hacking of the Democratic National Committee and Hillary Clinton’s campaign, as well as the subsequent leaks of emails during the 2016 election, roiled the Democratic National Committee, hurt the Clinton campaign and was a focal point in former special counsel Robert Mueller’s investigation.
For years, Iranian hackers have targeted U.S. officials through “large-scale intrusion attempts,” said John Hultquist, the director of intelligence analysis at the cybersecurity firm FireEye. But the aggressiveness of the country’s digital efforts has escalated as Tehran’s political standing with Washington has worsened, particularly in recent months as President Donald Trump has threatened sanctions over the country’s nuclear program.
“The Iranians are very aggressive, and they could leverage whatever access they get for an upper hand in any kind of negotiations,” Hultquist said. “They could cause a lot of mayhem.”
The U.S. Department of Homeland Security said it was working with Microsoft to “assess and mitigate impacts.” Chris Krebs, director of the department’s Cybersecurity and Infrastructure Security Agency, said much of the activity is likely “run-of-the-mill” foreign intelligence service work.
But, “Microsoft’s claims that a presidential campaign was targeted is yet more evidence that our adversaries are looking to undermine our democratic institutions,” Krebs said.
In a blog post released Friday, Microsoft’s Tom Burt, corporate vice president for customer security and trust, said that thowners of four accounts that were compromised by the hackers have been notified. The company would not identify those accounts.
The attacks by a group Microsoft calls Phosphorus occurred during a 30-day period between August and September.
According to Microsoft, Phosphorus hackers tried to figure out how to reset passwords or otherwise trigger account recovery features to take over accounts. In some instances, Microsoft found that the group gathered phone numbers belonging to its targets to try to authenticate password resets.
The attacks were not “technically sophisticated,” Burt wrote in the blog post. But he noted that they used significant amounts of the targets’ personal information, suggesting that Phosphorus was willing to invest “significant time and resources engaging in research and other means of information gathering.”
The hackers researched their targets, making more than 2,700 attempts to identify emails belonging to a specific Microsoft customer. A spokeswoman declined to provide more details.
The company has previously taken legal steps to combat Iran-linked hackers, suing them in federal court in Washington, D.C., so Microsoft could take control of websites Phosphorous used to conduct hacking operations and to stop attacks.
On Friday, Tim Murtaugh, spokesman for Trump’s 2020 re-election campaign, said there was “no indication that any of our campaign infrastructure was targeted.”
The campaigns of Sen. Kamala Harris, Michael Bennet, Pete Buttigieg and Montana Gov. Steve Bullock also said they had not been targeted. A campaign aide for Sen. Bernie Sanders said the campaign doesn’t comment on matters of technical security.
Republican National Committee spokeswoman Blair Ellis said the party is “constantly working to stay ahead of emerging threats.”
Meanwhile, the Democratic National Committee sent an alert out to campaigns Friday, warning them about the Iranlinked hacking group’s targeting of Microsoft accounts belonging to “journalists, politicians and at least one presidential campaign.”