A hacking group Microsoft is calling Phosphorus appears to be “linked to the Iranian government” and has tried to attack accounts related to “U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran,” the company says.
In a blog post, the company said that in a 30-day period during August and September, the group made more than 2,700 attempts to identify customer accounts and tried to attack 241 of them. Only four accounts were successfully compromised, according to Microsoft, and they weren’t related to U.S. presidential campaigns or government officials. People who were affected by the attacks have been notified, Microsoft says.
The hackers attempted to use other email accounts and phone numbers to gain access to the accounts, according to the post by Tom Burt, Microsoft’s corporate vice president for customer security and trust.
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” Burt warned. “This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
Microsoft encouraged customers to set up two-factor authentication and, if they’re concerned about hacking, to periodically check their login histories for unexpected access to their account.
It’s not the first time Iran has been accused of hacking politically sensitive accounts in the West: Google reported Iran-linked phishing accounts and propaganda efforts last year. The nation has also been accused of targeting legislators in the U.K. and Australia.
Western countries have also turned their own hackers on Iran over the years, dating back at least to the 2010 Stuxnet attack on Iran’s nuclear program, attributed to the U.S. and Israel.