Microsoft Says Iranian Hackers Targeted US Presidential Campaign


(RFE/RL) — A hacking group allegedly linked to the Iranian government has targeted a unidentified U.S. presidential campaign, Microsoft says.

The high-tech, U.S.-based company said on October 4 that U.S. government officials, media targets, and prominent expatriate Iranians, were targeted as well.

There has been no official response from Iran to Microsoft’s statement, which comes amid warnings from U.S. intelligence officials that foreign governments are looking for ways to disrupt the 2020 U.S. presidential election.

U.S. intelligence agencies have concluded that Russia tried to disrupt the 2016 election.

Microsoft’s allegations also come amid heightened tensions between Tehran and Washington since President Donald Trump withdrew the United States from a 2015 international nuclear agreement.

In a blog post, Tom Burt, corporate vice president for security at Microsoft, said the hacking group had breached four accounts after attempts on 241 accounts.

None of the four penetrated accounts was linked to presidential campaigns or current or past U.S. officials, Burt said.

The attacks by a group Microsoft called Phosphorous occurred during a 30-day period between August and September.

Burt said the Iranian hackers used password reset and account recovery features to try to take over accounts.

The U.S. Department of Homeland Security said it was working with Microsoft to “assess and mitigate impacts.”

The director of the department’s Cybersecurity and Infrastructure Security Agency, Chris Krebs, said Microsoft’s claims that a presidential campaign was targeted is “yet more evidence that our adversaries are looking to undermine our democratic institutions.”

U.S. tech companies including Microsoft, Facebook, and Twitter have been under pressure to ramp up security for next year’s U.S. presidential election and other polls around the world.

In July, Microsoft said that nearly 10,000 customers were “targeted or compromised by nation-state attacks” in the past year.

The majority of the activity originated from hackers in Iran, North Korea, and Russia, the company said.


RFE/RL journalists report the news in 21 countries where a free press is banned by the government or not fully established.

Leave a Reply

Your email address will not be published. Required fields are marked *