Microsoft says Iranian hackers tried to breach a US presidential campaign

Microsoft cybersecurity officials say they saw Iranian hackers attempt to breach accounts from a US presidential campaign, as well as from US government officials, journalists, and Iranians living abroad, in a period extending from August to September. The company described the attacks in a blog post on Friday.

The company sent an alert to the Democratic National Committee on Friday warning about attempts, the Wall Street Journal reported. 

The hacking campaign is a stark reminder that basic security steps like two-factor authentication are strong and important defenses against even nationally sponsored operations.

The targets: Tom Burt, Microsoft’s vice president of security and trust, wrote that the Iranians failed in their attempt to hack US presidential campaign and government officials. The hackers made “more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts.”

Burt and Microsoft said they will not identify the victims of the hacking campaign. US presidential campaigns have been targets and victims of hacking for years, most notably Democrat officials during the 2016 campaign. Such activity extends back at least to 2008, when both candidates suffered breaches.

Sticking to the basics: The Iranian hacking group, code-named Phosphorous, gathered information about targets and then tried to manipulate password reset and account recovery features in attempts to take over accounts.

“For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account,” Burt wrote. “In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”

The attacks are not technically sophisticated. They had none of the headline-grabbing exploits that can excite observers and dominate the news. Instead, this operation illustrates how important the fundamentals of cybersecurity are for both attackers and their targets.

Microsoft encouraged all users to set up multi-factor authentication through solutions like the passwordless Microsoft Authenticator.

A long trail: Phosphorous has been active for at least six years. They have long been known to target businesses, government agencies, journalists, and activists involved in the Middle East. 

Earlier this year, Microsoft used a court order to shut down dozens of websites used by the hacking group to spoof well-known companies and trick victims. It’s a legal tactic the company has used repeatedly, against actors including the Russian hacking group known as Fancy Bear.