The U.S. Presidential elections, scheduled to be held on Tuesday, November 3, next year, are already a talking point amongst cybersecurity officials. Today, Microsoft reported that the firm's Threat Intelligence Center (MSTIC) caught the Iranian hacker group Phosphorus trying to breach accounts linked to the U.S. presidential campaign and current and former U.S. government officials, among others, within a 30-day period. Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, wrote in the blog post:
"In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts. The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran."
Burt noted that while the recent attempts were unsuccessful for the most part, four accounts were nevertheless compromised. Those accounts did not belong to government officials, nor were they linked to the election campaign.
Microsoft also pointed out that while these attacks were not that 'sophisticated', they certainly present the possibility that the hackers might be "highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering". The Redmond tech giant said this after disclosing the modus operandi of Phosphorus.
The group tried to exploit password reset and account recovery features to hijack the target accounts. In one approach the firm disclosed, Phosphorus tried to gain access to a target's secondary email address and then, in turn, tried to gain access to the user's Microsoft account through verification emails sent to that secondary account. Similarly, access to the user's phone numbers was also used to assist in authenticating password resets.
Earlier this year, Microsoft used a court order to shut down 99 websites that Phosphorus used to conduct its hacking operations. In the blog post, Burt also had some advice on protecting your account against such attacks. As a general rule of thumb, the firm strongly suggested the use of two-factor authentication and Microsoft Authenticator, which lets you log in to your accounts without passwords with the help of your phone.
Cybersecurity officials from Microsoft have contacted the victims of the hacking attempts and are working with them to help secure their accounts.