Iran-Linked Hacking Group Targets Trump’s 2020 Campaign

By Pooya Stone

A hacking group that seems to be affiliated with the Iranian government tried and failed to break into the re-election campaign of Donald Trump, according to sources familiar with the operation.

On Friday, software giant Microsoft published a blog post detailing “significant” cyber activity by this group, dubbed “Phosphorus” by Microsoft, which also targeted current and former US officials, journalists covering global politics, and prominent members of the Iranian diaspora.

Trump’s official campaign website is the only one of the remaining major 2020 contenders’ sites that is linked to Microsoft’s cloud email service.

Tim Murtaugh, the Director of Communications for the Trump campaign, said: “We have no indication that any of our campaign infrastructures was targeted.”

Phosphorus made over 2,700 attempts to identify consumer email accounts belonging to specific customers in a 30-day period between August and September and attacked 241 of those accounts.

Microsoft wrote: “Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former US government officials.”

Microsoft said that the attacks were not technically sophisticated, but suggested that Phosphorus is “highly motivated” and “willing to invest significant time and resources”.

Microsoft did not identify the election campaign targeted by Phosphorus, also known as APT 35, Charming Kitten, and Ajax Security Team, but sources said Trump’s re-election campaign was the target.

Chris Krebs, director of the Homeland Security Department’s election security division (CISA), said he was aware of the Microsoft report and that this provided further evidence that America’s adversaries are looking to undermine democratic institutions.

Hacking as a form of election interference became a major concern for governments after US intelligence agencies concluded that Russia ran a hacking and propaganda operation during the 2016 election cycle to help Trump become president.

Since Trump became president, tensions between the US and Iran have risen considerably with Trump pulling the US out of the 2015 nuclear deal, citing Iranian noncompliance.

Iran has not commented on Microsoft’s statement.

John Hultquist, director of intelligence at cybersecurity firm FireEye Inc, said this group had been conducting “high-volume operations” aimed at harvesting credentials for online accounts.

Microsoft has been monitoring Phosphorus since 2013 and in March received a court order to take control of 99 websites the group used to execute attacks.

One of the computer networks used by 2016 Democratic presidential candidate Hillary Clinton’s campaign was hacked during a cyber attack on Democratic Party political organizations.