Iranian Hackers Targeted Presidential Campaign, Microsoft Says

SAN FRANCISCO — Iranian hackers targeted hundreds of email accounts associated with at least one presidential campaign, as well as those of American journalists and current and former United States government officials, Microsoft said Friday, in a sign of how cyberattacks will become a fixture of the 2020 presidential election.

Microsoft said in a report that hackers, with apparent backing from Iran’s government, had made more than 2,700 attempts to identify the email accounts of current and former government officials, journalists covering political campaigns and accounts associated with one major presidential campaign. In at least four cases, the hackers successfully infiltrated inboxes.

Microsoft would not name the campaign.

The report was released as the Trump administration continues to weigh a cyberstrike against Iran to punish Tehran for what White House officials charge was an Iranian attack on Saudi oil facilities last month.

The Microsoft researchers said the hackers had tried to attack 241 accounts and were successful in four cases, using fairly unsophisticated means. In those cases, the hackers appear to have used information available about their victims online to discover their passwords. It was unclear what information they stole.

For weeks, officials from the F.B.I., the Department of Homeland Security and the National Security Agency have said they are particularly concerned about Iranian-backed attacks. Their worries stemmed from rising tensions over new sanctions on Iran and nascent Iranian activity in the 2018 midterm elections.

While the officials said they believed that all the American presidential candidates were likely targets, President Trump’s campaign has long been considered a prime target.

It was Mr. Trump who abandoned the 2015 nuclear deal with Iran last year, and who has ramped up sanctions to the point that Iran’s oil revenues have dropped sharply. The United States has also designated the Islamic Revolutionary Guard Corps a terrorist group. The guard corps oversees the nuclear program and, by some accounts, Iran’s best hacking group, its Cyber Corps.

But it is not clear whether the group Microsoft identified reports to the cyber corps or is made up, deliberately, of freelancers and others whose affiliations are harder to trace.

When Iranian officials are asked about cyberattacks, they admit nothing but note that attacks have been two-way. Three times in the past decade, the United States has directed cyberweapons against Iranian targets. The most famous attack, code-named Olympic Games, wiped out about 1,000 centrifuges at the Natanz nuclear enrichment site.

Since then, there was a long-running cybercampaign to disable Iranian missiles and, early this summer, an attack on a database that the Iranian military runs to track ships in the Persian Gulf, disabling Iranian abilities to follow and seize them.

In recent weeks, United States Cyber Command was asked to develop options for retaliating against the missile and drone attacks on Saudi Arabia’s oil fields. Officials reported that a cyberstrike against Iran, which the United States and Saudi Arabia blamed for the attacks, was emerging as the most attractive option, in an effort to avoid the kind of escalation that might result from a more conventional strike.

So far, there is no evidence of such action, but it might take a while to gain access to Iranian computer networks, and the results might be subtle. Microsoft said little about the timing of the targeting of the campaigns and journalists, but there have been similar waves of such attacks over the past several years.

Security executives at the Democratic National Committee warned staff members in an email this week that Iranian hackers might be targeting their email accounts with so-called spearphishing attacks, in which hackers try to lure their target into clicking on a malicious link or attachment. That link or attachment can give attackers a foothold into a computer network.

The hackers were also believed to be interfering with an additional security feature known as two-factor authentication — a common security method that asks for credentials beyond a password — and were creating fake LinkedIn personas to make their email lures more believable.

After Russia’s interference in the 2016 presidential campaign, Democrats have repeatedly warned their Republican counterparts that election interference cuts both ways, and that state-sponsored hackers may not always seek to help the Republican candidate. To date, Senator Mitch McConnell of Kentucky, the majority leader, has refused to bring any election security bills to the floor.

Other cybersecurity firms said they were also witnessing what appeared to be the beginning stages of several different nation-state cyberattacks on American political campaigns.

Area 1, a Silicon Valley security company that is helping presidential and Senate candidates block phishing attacks, is witnessing cyberattacks against candidates across the political spectrum, said Oren Falkowitz, its chief executive.

“We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day,” Mr. Falkowitz said in an interview.

In July, Tom Burt, Microsoft’s corporate vice president, told an audience at the Aspen Security Conference that Microsoft had evidence that Russia, Iran and North Korea had been the most active nations conducting cyberattacks.

Mr. Burt said Russian, Iranian and North Korean hackers had been targeting nongovernmental organizations and think tanks that work closely with political campaigns in the United States. He added that in the race to infiltrate the inboxes of American political operatives and campaigns, Chinese hackers had been notably quiet.
