Phosphorus threat group targets email accounts

Microsoft has warned that a cyber threat group dubbed Phosphorus has recently targeted email accounts belonging to Microsoft customers.

The company believes the cyber attacks originated from Iran and are linked to the Iranian government.

“In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts,” Microsoft warned in a recent blog post.

Tom Burt, Corporate Vice President of Microsoft’s Customer Security & Trust, said some of the targeted email accounts are linked to people involved with U.S. presidential campaigns. He added that attackers have also been targeting current and former U.S. government officials, global political journalists and prominent Iranians living outside of Iran.

Microsoft has notified impacted customers of the threat and worked to help secure compromised accounts.

Burt added that the attacks were not technically sophisticated. However, he said the attackers are “highly motivated and willing to invest significant time and resources” in order to gather personal information on their targets.

In one case, Phosphorus leveraged a linked secondary email account to gain access to a user’s primary Microsoft email account via a verification email. In another case, the actors obtained a target’s phone number to help authenticate a password reset.

Earlier this year, Microsoft used a court order to take control of 99 websites used by Phosphorus hackers (also known as APT35 or Charming Kitten).

Microsoft recommended that its customers be vigilant for such attacks and advised users to implement two-step verification on their email accounts. In addition, users should review their login history for any suspicious login attempts.