Abu Dhabi, UAEThursday 26 November 2020

Microsoft: Iranian hacker group hits ‘100 high-profile people’

Analysts believe the group is conducting state-sponsored attacks

Cyber security experts have warned that online criminals are hoping to exploit the fact that more people than ever will be shopping online this Christmas. Reuters
Cyber security experts have warned that online criminals are hoping to exploit the fact that more people than ever will be shopping online this Christmas. Reuters

Iranian hackers have attacked 100 “high-profile” individuals including government officials, former ambassadors and Iran policy experts, said Microsoft, which released a statement on the attacks on Wednesday.

Tom Burt, head of security at Microsoft, said some of the attempts were successful.

The hackers, identified by Microsoft as a group known as Phosphorus, reportedly posed as conference organisers in Saudi Arabia and Germany.

Email accounts were targeted in a sophisticated phishing attack, in which potential victims are duped into clicking on a link or downloading malicious software that compromises their device.

Microsoft’s statement suggests that the Phosphorus group, also known as APT35 or Charming Kitten, is almost certainly connected to the Iranian government.

The company said it did not believe the hacking attempt was an effort to influence the US election.

Phosphorus has previously attacked activists, journalists and defence employees whose work focused on Iran, an assertion also made in 2017 by cyber security company ClearSky, which published a report on the group.

Phishing has long been favoured by Iranian cyber warfare agents, said security companies CrowdStrike and Dragos.

Two high-profile events were Phosphorus targets, Microsoft said.

Potential victims included attendees of the forthcoming Munich Security Conference in February, which attracts high-level delegates including world leaders.

People attending the Think 20 summit in Saudi Arabia, which will be hosted remotely this year, were also targets.

Microsoft’s statement on the attack pointed to an intelligence operation at the highest levels, suggesting Iran was attempting to anticipate and influence foreign government policy.

“We believe Phosphorus is engaging in these attacks for intelligence collection purposes. The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.”

Last year, Microsoft took legal action to gain control of 99 websites belonging to Phosphorus to protect its systems, customers and reputation.

Updated: October 29, 2020 10:09 PM

Editor's Picks
THE DAILY NEWSLETTER
Sign up to our daily email