Microsoft Explains How “Phosphorus” Tried To Hack US Presidential Campaign

by
Microsoft Explains How Phosphorus Tried To Hack US Presidential Campaign

Microsoft Threat Intelligence Centre (MTIC) has found that Phosphorous which is an Iran-based threat group tried to take control of the 2020 US Presidential Campaign by hacking into the email accounts of the people associated with the campaign.

More About The Security Attack

In a blog post published by Microsoft states that Phosphorous threat group made around 2700 attempts to find out email accounts belonging to specific Microsoft customers. After identifying the specific Microsoft email accounts, the group attacked 241 of these accounts.

These accounts were associated with US Presidential campaigns, current and former US government officials, journalists, covering global politics and prominent Iranians living outside Iran.

As a result of the cyberattack, the group was able to get control of 4 email accounts, but luckily those 4 accounts were not associated with the US Presidential Campaign.

How The Accounts Were Attacked By Phosphorous

When going through the blog post in detail, it is found that the attackers first researched the targeted users and collected important pieces of information. The threat group later used that information to get access to the email accounts by taking advantage of the password recovery/reset feature.

For example, the group first tried to gain access to the user’s secondary account and then get into their primary Microsoft email accounts through the verification process. And in order to do all this, personal information of the targeted users are required,

Seeing the process of the Phosphorus attack, it cannot be termed as “highly sophisticated”. Microsoft calls the attackers “highly motivated and willing” to make such type of moves.

What Microsoft Has to Say Regarding The Solution

With the blog post, the company has clearly said to enable the two-factor authentication feature to secure the accounts. This feature can be enabled by going through the account’s security settings. In addition to this, Microsoft has also advised people to keep track of their account login activities.

It is also necessary to notify Microsoft and ultimately change the password if you encounter any suspicious activity happening in your account.

  • CodyCross Solutions At the bottom of the sea
  • How to change group name in WhatsApp (2024)
  • 3000+ Funny Group Chat Names for Family, Friends, Girls, Boys, and Team
  • Simple Guide to Create Microsoft account
  • How to delete your Google Account
  • 10 Best Twitter Apps For Android in 2024
  • Top 5 Banks Offering Domiciliary Account in Nigeria
  • Latest way To Find Twitter Username History in 2024
  • How To Create And Manage Two Or More Twitter Accounts
  • Microsoft Authenticator – what it is, how it works and how to use it!
    • author image

    About Author

    Samuel Afolabi is a lazy tech-savvy that loves writing almost all tech-related kinds of stuff. He is the Editor-in-Chief of TechVaz. You can connect with him socially :)

    Leave a Comment

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    TechVaz.com is a professional review site that receives compensation from the companies whose products we review. We test each product thoroughly and give high remarks to only the very best. We are independently owned and the opinions expressed here are our own. We are also a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. See our Affiliate Disclosure page.