WASHINGTON (AP) — Microsoft said Friday that hackers linked to the Iranian government targeted a U.S. presidential campaign, as well as government officials, media targets and prominent expatriate Iranians.
Overall, the hackers attempted to penetrate 241 accounts — four successfully — though none of those penetrated was associated with presidential campaigns or current or past U.S. officials, Microsoft said. A company spokeswoman declined to identify those targeted, citing customer privacy.
Reuters and the New York Times reported the attack targeted President Donald Trump’s re-election campaign, but this could not be independently confirmed. But a review of publicly available internet records by AP showed the Trump campaign’s official website is linked to Microsoft’s email service.
Tim Murtaugh, spokesman for Trump’s 2020 re-election campaign, said there was “no indication that any of our campaign infrastructure was targeted.”
Microsoft’s announcement is the latest sign that foreign governments are looking for ways to potentially disrupt the 2020 presidential election. U.S. intelligence officials have sounded the alarm about the risks for months.
Russia’s hacking of the Democratic National Committee and the Clinton campaign, as well as the subsequent leaks of emails during the 2016 election roiled the DNC, hurt the Clinton campaign and was a focal point in special counsel Robert Mueller’s probe.
Foreign hackers have long targeted U.S. government and politicians, generally with little notice. But the disruption caused by Russia’s attack has heightened awareness and prompted fears that other nations will try to follow Russia’s example. Iran in particular could have a stake in the outcome of the U.S. election after Trump withdrew the United States from a nuclear agreement and stepped up sanctions against the country.
“The Russians came after us and our election system in 2016 and they paid virtually no price for that activity,” said Jamil N. Jaffer, director of the national security law and policy program at George Mason University, and former chief counsel of the Senate Foreign Relations Committee. “It’s not surprising that China now more aggressively and maybe the Iranians are getting in that game. Why not?”
The U.S. Department of Homeland Security said it was working with Microsoft to “assess and mitigate impacts.” Chris Krebs, director of the department’s Cybersecurity and Infrastructure Security Agency, said much of the activity is likely “run-of-the-mill” foreign intelligence service work.
But, “Microsoft’s claims that a presidential campaign was targeted is yet more evidence that our adversaries are looking to undermine our democratic institutions,” Krebs said.
In a blogpost released Friday, Microsoft’s Tom Burt, corporate vice president for customer security and trust, said owners of four accounts that were compromised by the hackers have been notified. The company would not identify those accounts.
The attacks by a group Microsoft calls Phosphorous occurred during a 30-day period between August and September.
Burt said the Iranian hackers used password reset and account recovery features to try to take over accounts. For example, they gathered phone numbers belonging to targets to help with a password reset. In other cases, they tried to get into secondary email accounts that might be linked to the Microsoft account to gain access via a verification email.
The hackers researched their targets, making more than 2,700 attempts to identify emails belonging to a specific Microsoft customer. A spokeswoman declined to provide more details.
The company has previously taken legal steps to combat Iran-linked hackers, suing them in federal court in Washington D.C., so Microsoft could take control of websites Phosphorous used to conduct hacking operations and to stop attacks.