Today we’re sharing that we’ve recently seen significant cyber activity by a threat group we call Phosphorus, which we believe originates from Iran and is linked to the Iranian government. We’re sharing this for two reasons.
First, it is important that we all – governments and private sector – are increasingly transparent about nation-state attacks and efforts to disrupt democratic processes. Second, while we have processes to notify customers about nation state activity and have AccountGuard to monitor accounts of campaigns and other associated organizations related to election processes in democracies around the world, publishing this information should help others be more vigilant and take steps to protect themselves.
In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts. The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran. Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials. Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them.
continue reading at Microsoft Blog.
I highly recommend using the Two-Factor Authentication to provide additional layer of protection accessing your email. It’s easy to setup.
Featured image by Microsoft