AFP San Francisco, United States
Oct 05, 2019, 11.26 AM
Microsoft on Friday said a hacker group linked to Iran unleashed cyberattacks on US journalists, government officials and accounts associated with a US presidential campaign.
Only four accounts were compromised as a result of the "significant cyber activity of the threat group," Tom Burt, Microsoft's corporate vice president of computer security and trust, said in an online post.
He did not identify which presidential candidate's campaign was in the crosshairs of hackers, nor whose accounts were breached.
A group Microsoft dubbed "Phosphorous" tried to identify email accounts of targets that included US officials, journalists covering global politics, prominent Iranians living outside that country, and a presidential campaign, according to Burt.
"Phosphorous used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts," Burt said.
During a 30-day period that ended in September, Microsoft Threat Intelligence Center spied more than 2,700 attempts to identify email accounts of targets, according to the US computing colossus.
Microsoft believed that Phosphorous "originates from Iran and is linked to the Iranian government."
Burt said that Microsoft notified those whose accounts were targeted, advising them to ramp up their online defences.
The attacks were not technically sophisticated, attempting to use personal information such as telephone numbers gathered to identify email accounts or dupe systems into allowing passwords to be reset.
"This effort suggests Phosphorous is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering," Burt said.
Facebook early this year shut down more than 2,600 fake accounts linked to Iran, Russia, Macedonia and Kosovo that were aiming to influence political sentiment in various parts of the world.
It was part of an ongoing effort by the leading social network to shut down "inauthentic" accounts on Facebook and Instagram seeking to influence politics in the United States and elsewhere.
In the action, Facebook said it removed 513 pages, groups and accounts tied to Iran that were operating in Egypt, India, Indonesia, Israel, Italy, Kashmir, Kazakhstan and various areas of the Middle East and North Africa.
In January, Facebook took down hundreds of accounts from Iran that were part of a vast manipulation campaign operating in more than 20 countries.
Only four accounts were compromised as a result of the 'significant cyber activity of the threat group,' Tom Burt, Microsoft's corporate vice president of computer security and trust, said in an online post.