According to researchers from Microsoft’s Threat Intelligence Center (MSTIC), malicious activity by a collective of Iranian hackers known as Phosphorus against email accounts belonging to members of President Trump’s reelection campaign was detected as early as August of this year.
During a 30-day period in August and September, MSTIC determined that Phosphorus made over 2,700 attempts to identify email accounts belonging to specific Microsoft customers and then attacked 241 of the identified accounts. Besides the accounts belonging to members of the Trump 2020 Presidential Campaign, Phosphorus targeted current and former US government officials, journalists and prominent Iranians living outside Iran. Only four of the 241 accounts were actually compromised as a result, and none of the four belonged to the Trump campaign.
The attacks were labeled as not “technically sophisticated,” but they involved a large amount of personal information about the targeted victims. Microsoft researchers stated, “This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
The attackers used this information to try to reset passwords or employ account-recovery features to take over some targeted accounts, according to MSTIC.
Previously, Phosphorus has been linked to campaigns that used “Stealer Malware,” an infection that exposes victims’ Social Security numbers, logins for social media and email services, remote desktop accounts, notes and other documents saved on the user’s PC.