Microsoft Threat Intelligence Centre (MTIC) has found that Phosphorus, an Iran-based threat group, tried to take control of the 2020 US Presidential Campaign by hacking into the email accounts of people associated with the campaign.
More About The Security Attack
A blog post published by Microsoft states that the Phosphorus threat group made around 2700 attempts to identify email accounts belonging to specific Microsoft customers. After identifying these accounts, the group attacked 241 of them.
These accounts were associated with US Presidential campaigns, current and former US government officials, journalists covering global politics, and prominent Iranians living outside Iran.
As a result of the cyberattack, the group was able to get control of 4 email accounts, but luckily those 4 accounts were not associated with the US Presidential Campaign.
How The Accounts Were Attacked By Phosphorous
According to the blog post, the attackers first researched the targeted users and collected important pieces of information about them. The threat group later used that information to get access to the email accounts by taking advantage of the password recovery/reset feature.
For example, the group first tried to gain access to the user's secondary account and then used it to get into their primary Microsoft email account through the verification process. Doing all this requires personal information about the targeted users.
Given how the Phosphorus attack worked, it cannot be termed "highly sophisticated". Microsoft calls the attackers "highly motivated and willing" to make this type of move.
What Microsoft Has to Say Regarding The Solution
In the blog post, the company clearly advises users to enable the two-factor authentication feature to secure their accounts. This feature can be enabled through the account's security settings. In addition, Microsoft has advised people to keep track of their account login activity.
It is also necessary to notify Microsoft and change the password if you encounter any suspicious activity in your account.