
Iranian hackers targeted a US presidential campaign, Microsoft says

Between August and September, Microsoft discovered more than 2,700 attempts to hack a presidential campaign as well as US officials.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

Microsoft says four accounts were successfully hacked.


Microsoft has disclosed details on a significant hacking effort from Iran, which targeted a US presidential campaign between August and September. 

Iranian hackers made more than 2,700 attempts to break into email accounts belonging to a US presidential campaign, current and former US government officials, as well as journalists and prominent Iranians living outside the country, according to a post Friday by Microsoft's corporate vice president on customer security and trust, Tom Burt.

Microsoft declined to name whose presidential campaign the Iranian hackers targeted. Reuters reported Friday that the hackers were targeting President Donald Trump's campaign, noting that his campaign's official website is the only candidate's page linked to Microsoft's cloud email service.

The group, which Microsoft called Phosphorus, attacked 241 email accounts and successfully infiltrated four of them in its campaign, the company said. None of the four compromised accounts belonged to US government officials or the presidential campaign.

Microsoft said it believes the hackers are linked to the Iranian government. They gained access to four accounts by tricking password reset features, the company said.  

"While the attacks we're disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks," Burt said in the post.

The director of the US Cybersecurity and Infrastructure Security Agency, Chris Krebs, said the agency is aware of the hacking attempts and is working with Microsoft to investigate.

"While much of this activity can likely be attributed to run-of-the-mill foreign intelligence service work, Microsoft's claims that a presidential campaign was targeted is yet more evidence that our adversaries are looking to undermine our democratic institutions," Krebs said in a statement.

The attempted hacks on a US presidential campaign highlight concerns surrounding the 2020 election. Russian hackers successfully accessed the Democratic National Committee's servers in 2016, leading to significant election interference during the presidential election. The efforts continued for the midterm elections, as hackers targeted then-Sen. Claire McCaskill in June 2018. 

Google had also warned lawmakers in 2018 that foreign hackers would be targeting their Gmail accounts. US politicians are a prime target for cyberattacks as the 2020 presidential election approaches. Nation-state actors are looking to access sensitive documents from political campaigns to interfere with US politics.

Microsoft didn't disclose which presidential campaign was targeted in the attack. The Iranian hackers would seek access to a secondary email tied to the target's Microsoft account. Once they had access to that account, they would prompt a password reset and use that to break in, the company said.

In some cases, the hackers used phone numbers associated with the accounts, a technique similar to how Twitter CEO Jack Dorsey had his account hacked.

Originally published Oct. 4, 9:24 a.m. PT.
Update, 9:39 a.m. PT: To add more details on the hacking attempts.
Update, 11 a.m. PT: With comment from CISA.
Update, 1:21 p.m. PT: Adds reported information on whose campaign the Iranian hackers targeted.