The US Department of Homeland Security said it was working with Microsoft to ‘assess and mitigate impacts’ of an Iranian hacking operation targeting a US presidential campaign.
Microsoft has said that hacker group Phosphorus, which has been linked to the Iranian government, has targeted a US presidential campaign, as well as government officials, media targets and prominent expatriate Iranians.
Overall, the hackers attempted to access 241 accounts – four successfully – though none of those penetrated were associated with presidential campaigns or current or past US officials, Microsoft said.
The announcement is the latest sign that foreign governments are looking for ways to potentially disrupt the 2020 presidential election. US intelligence officials have sounded the alarm about the risks for months.
Russia’s hacking of the Democratic National Committee and Hillary Clinton’s campaign, as well as the subsequent leaks of emails during the 2016 election, hurt Clinton’s electoral hopes and were a focal point in special counsel Robert Mueller’s probe.
The disruption caused by Russia’s attack has heightened awareness and prompted fears that other nations will try to follow Russia’s example.
US president Donald Trump recently withdrew the US from a nuclear agreement with Iran and stepped up sanctions against the country.
The US Department of Homeland Security said it was working with Microsoft to “assess and mitigate impacts”. Chris Krebs, director of the department’s cybersecurity and infrastructure security agency, said much of the activity is likely “run-of-the-mill” foreign intelligence service work.
However, he continued: “Microsoft’s claims that a presidential campaign was targeted is yet more evidence that our adversaries are looking to undermine our democratic institutions.”
Staying ahead of emerging threats
In a statement released on Friday (4 October), Microsoft’s Tom Burt, corporate vice-president for customer security and trust, said that owners of four accounts that were compromised by the hackers have been notified. The attacks occurred during a 30-day period between August and September.
Burt said the Iranian hackers used password reset and account recovery features to try to take over accounts. In other cases, they tried to get into secondary email accounts that might be linked to the Microsoft account to gain access via a verification email.
The hackers researched their targets, making more than 2,700 attempts to identify emails belonging to a specific Microsoft customer.
The company has previously taken legal steps to combat Iran-linked hackers, suing them in federal court in Washington DC so that it could take control of websites Phosphorus used to conduct hacking operations and stop attacks.
Tim Murtaugh, spokesman for Donald Trump’s 2020 re-election campaign, said there was “no indication that any of our campaign infrastructure was targeted”.
The campaigns of Democrats Kamala Harris, Michael Bennet and Pete Buttigieg also said they had not been targeted. A campaign aide for Bernie Sanders said the campaign does not comment on matters of technical security.
Republican National Committee spokeswoman Blair Ellis said the RNC is “constantly working to stay ahead of emerging threats”.
In July, Microsoft announced that it had detected more than 740 infiltration attempts by nation-state actors in the past year targeting US-based political parties, campaigns and other democracy-focused organisations including think tanks and non-profits.
– PA Media, with additional reporting by Eva Short