Trump campaign targeted by Iran-linked hackers: Sources

US officials, journalists, Iranians were other targets: Microsoft

WASHINGTON • A hacking group that appears to be linked to the Iranian government attempted to break into US President Donald Trump's re-election campaign but was unsuccessful, sources familiar with the operation said on Friday.

Microsoft said in a blog post that it saw "significant" cyber activity by the group, which also targeted current and former US government officials, journalists covering global politics, and prominent Iranians living outside Iran.

Mr Trump's official campaign website is the only one of the remaining major election contenders' sites that is linked to Microsoft's cloud e-mail service, according to an inspection of publicly available mail exchanger records. His campaign director of communications Tim Murtaugh said: "We have no indication that any of our campaign infrastructure was targeted."

In a 30-day period between August and last month, the group, dubbed "Phosphorous" by Microsoft, made more than 2,700 attempts to identify consumer e-mail accounts belonging to specific customers and then attacked 241 of those accounts.

"Four accounts were compromised as a result of these attempts; these four accounts were not associated with the US presidential campaign or current and former US government officials," said the blog post.

Microsoft's blog post did not identify the election campaign whose network was targeted by Phosphorous hackers, but sources told Reuters the target was Mr Trump's re-election effort.

The Federal Bureau of Investigation did not immediately respond to a request for comment.

Mr Chris Krebs, director of the Homeland Security Department's election security division, known as CISA, said he was aware of the Microsoft report.

In a 30-day period between August and last month, the group, dubbed "Phosphorous" by Microsoft, made more than 2,700 attempts to identify consumer e-mail accounts belonging to specific customers and then attacked 241 of those accounts.

In a statement, Mr Krebs called it "yet more evidence that our adversaries are looking to undermine our democratic institutions".

Hacking to interfere in elections has become a concern for governments, especially since US intelligence agencies concluded that Russia ran a hacking and propaganda operation to disrupt the American democratic process in 2016 to help then candidate Mr Trump become president.

Moscow has denied any meddling.

Tensions between the United States and Iran have risen since May last year, when Mr Trump withdrew from a 2015 international nuclear accord with Teheran that put limits on its nuclear programme in exchange for the easing of sanctions.

Mr Trump has since reinstated US sanctions, increasing pressure on the Iranian economy, including its oil trade.

The Iranian government did not issue any immediate comment through state-run media on Microsoft's statement.

Mr John Hultquist, director of intelligence at cyber-security firm FireEye, said the particular Iranian group named in the attempts had been conducting "high-volume operations" aimed at harvesting credentials for online accounts.

Phosphorus is also known as APT 35, Charming Kitten and Ajax Security Team.

Microsoft, which is based in Redmond, Washington, said Phosphorous used information gathered from researching its targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts.

The attacks were not technically sophisticated, Microsoft said.

"This effort suggests Phosphorous is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering," the blog post said.

Microsoft has been tracking Phosphorus since 2013 and said in March that it had received a court order to take control of 99 websites that the group used to execute attacks.

Big technology companies are under pressure to ramp up security for next year's US elections and others around the world.

Companies including Facebook, Google, Microsoft and Twitter met US intelligence agencies last month to discuss security strategies.


A version of this article appeared in the print edition of The Sunday Times on October 06, 2019, with the headline 'Trump campaign targeted by Iran-linked hackers: Sources'. Print Edition | Subscribe