Iran Caught Targeting US Presidential Campaign Accounts


Iran Caught Targeting US Presidential Campaign Accounts (Oct 4, 2019)

Phosphorus, an Iranian state attack group, have been targeting the accounts of 241 users connected to a US Presidential campaign. Between August and September, Microsoft observed over 2,700 attempts to identify email accounts associated with customers involved in a US Presidential campaign, along with journalists covering politics. The group gathered publicly-available information to attempt to reset the passwords of the accounts, as well as accessing phone numbers associated with the accounts. The customers affected have been notified by Microsoft.

Recommendation: It is crucial that your company has password policies in place to avoid repetition across accounts and those that be easily brute-force attacked. Education is the best defense. Using secure and unique passwords for all online accounts is important with penetration-testing tools freely available that could be used by threat actors for malicious purposes. Multi-factor authentication, and frequent password changes can help protect trade secrets and other forms of sensitive data.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.