UPDATE: Reuters is reporting the Iranian hackers targeted the releection campaign for President Donald Trump, but were unsuccessful.

Original story:

Microsoft has uncovered evidence Iranian hackers have been trying to infiltrate a 2020 US presidential campaign.

Over a 30-day period from August to September, Redmond's security teams observed the hackers trying to break into 241 customer accounts with Microsoft services. "The targeted accounts are associated with a US presidential campaign, current and former US government officials, journalists covering global politics and prominent Iranians living outside Iran," Microsoft vice president Tom Burt wrote in a blog post on Friday.

The hackers breached four accounts, none of which belonged to the staffers from the US presidential campaign or to US government officials. Microsoft notified the affected users and secured their accounts.

The attacks involved trying to game the account recovery options, like a forgotten password. The hackers focused on first exploiting email accounts and phone numbers tied to the sought-after Microsoft account.

"For example, [the attackers] would seek access to a secondary email account linked to a user's Microsoft account, then attempt to gain access to a user's Microsoft account through verification sent to the secondary account," Burt said. "In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets."

Although the attacks "were not technically sophisticated," Burt said the hacking attempts show the culprits have amassed a significant amount of personal information on their targets. In total, the company observed the hackers "making more than 2,700 attempts" to identify and link Microsoft online accounts with specific users.

Redmond is blaming the attacks on an Iranian hacking group dubbed Phosphorus (also known as APT 35), which security experts have suspected has links to the Iranian government. In March, Microsoft took over 99 internet domains the group was using to trick targets into installing malware or giving up their passwords. This involved sending out phishing emails that linked out to legitimate-looking sites such as "outlook-verify.net" and "verify-linkedin.net" when in reality they were controlled by hackers.

So far, Microsoft has refrained from naming which US presidential campaign was targeted in the attacks or elaborating on how it tied the intrusion attempts back to the Phosphorus group. But the company is urging anyone involved in the upcoming 2020 election to be on guard against computer hackers. "We strongly encourage all customers to enable two-step verification on their accounts which can be done in Account Security settings," Burt said.

"People can also periodically check their login history, and we recommend this for journalists, political campaigns staff, and others interested in assuring account security," he added. "These logs are made available through the Account Security Sign-In Activity tab."

Burt issued similar warnings ahead of the 2018 mid-term elections.

Further Reading

Security Reviews