An Iranian-linked threat group attempted to identify and attack various email accounts belonging to Microsoft customers over a 30-day period, including those linked to an unnamed U.S. presidential campaign as well as current and former U.S. officials, the company announced Friday.
In a blog post, Microsoft detailed how a group known as “Phosphorus,” which the company believes may be linked to the Iranian government, made around 2,700 attempts to target customer email accounts, and then attacked 241 of these accounts between August and September of this year.
In addition to U.S. officials and the unnamed campaign, the threat group also targeted accounts belonging to journalists covering global politics and to Iranians living outside of Iran, according to the company.
Microsoft said that four of the attacks successfully compromised email accounts, though none of them were related to the U.S. presidential campaign or the government officials.
Microsoft has notified the customers whose accounts were compromised by the threat group.
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” Tom Burt, corporate vice president of Customer Security and Trust at Microsoft, wrote in the blog post.
“This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
In targeting the email accounts, Phosphorus used research gathered on the individuals to try to take over the accounts through “gaming” the password reset process, including by accessing the user’s secondary email account to gain access to any verification emails sent from the Microsoft account.
Burt wrote that in notifying the public of the Iranian group’s activities, “it is important that we all—governments and private sector—are increasingly transparent about nation-state attacks and efforts to disrupt democratic processes.”
Microsoft said it “strongly encouraged” all customers to enable two-step verification on their email accounts, and to periodically check the login history for their accounts, particularly if the individual is a journalist or a staffer for a political campaign.
The targeting of U.S. accounts by the Iranian threat group comes after an escalation of tensions between the two countries, particularly in the wake of the U.S. blaming Iran for attacking two Saudi Arabian oil facilities last month.
The announcement also comes as Microsoft seeks to shore up security for its products and systems heading into the 2020 elections.
Last month, the company announced that it would provide free updates through the 2020 elections for voting systems running Windows 7 software, which otherwise would not have received updates after January 2020 unless voting jurisdictions paid for the service.
Microsoft also launched its “Defending Our Democracy” program in 2018 with the aim of protecting political campaigns from hacking operations and defending against disinformation campaigns online.