Iran Caught Targeting US Presidential Campaign Accounts

Microsoft detected the so-called Phosphorus nation-state gang attacking 241 user accounts associated with a US presidential campaign, current and former US government officials, journalists, others.

A well-known Iranian nation-state hacking team has targeted 241 user accounts connected to a US presidential campaign, as well as existing and former government officials, journalists, and Iranian nationals residing outside that nation, according to Microsoft, which discovered the attacks.
Between August and September, Microsofts Threat Intelligence Center spotted the so-called Phosphorus hacking group — aka APT 25, Charming Kitten, and Ajax Security Team — going after specific Microsoft customers. The group made more than 2,700 attempts to get those accounts, ultimately targeting 241 of them. They ultimately compromised four user accounts, none of which were associated with the US campaign or US government officials.
Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them, said Tom Burt, corporate vice president of customer security and trust for Microsoft, in
a blog post
about the incident today.
The hackers spoofed password reset or account recovery alerts as a way to infiltrate the victim accounts. For example, they would seek access to a secondary email account linked to a users Microsoft account, then attempt to gain access to a users Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets, Burt explained.
Phosphorus has been a relatively active threat group.
Microsoft in March took down
99 phishing and other malicious websites run by Phosphorus, and the group was
spotted in December 2018
targeting email accounts of US Treasury members, defenders, detractors, Arab atomic scientists, Iranian civil society figures, DC think-tank employees, and officials charged with enforcing the former US-Iran nuclear deal.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
Rethinking Cybersecurity Hiring: Dumping Resumes & Other Garbage
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Iran Caught Targeting US Presidential Campaign Accounts