A group of hackers believed to be based in Iran and linked to the Iranian government has sought to break into thousands of email accounts, including some associated with a U.S. presidential campaign, Microsoft said Friday.
The group, which Microsoft referred to by the name Phosphorus, identified about 2,700 email accounts and attacked 241 during a recent one-month period. Four of them were compromised, the company said without identifying which presidential campaign was identified or whether it was among those attacked.
The New York Times reported that President Donald Trump's 2020 re-election campaign had been the target, citing two unnamed sources with knowledge of the attacks.
The report gave no details on what information may have been taken.
Tim Murtaugh, the Trump campaign's communications director, said, "We have no indication that any of our campaign infrastructure was targeted," in a statement quoted by U.S. media.
The group researched their targets, which also included current and former U.S. government employees, journalists and exiled Iranians, to get information that could be used to reset passwords or take advantage of account recovery features, Microsoft said in a statement.
The U.S. software giant said among the methods used was one that first sought access to a secondary email account linked to a user's Microsoft account. The hackers then attempted to gain access to the Microsoft account through verification sent to the secondary account.
In some instances they gathered phone numbers and used them to assist in authenticating password resets.
"While the attacks we're disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks," Microsoft said.
The efforts suggest that Phosphorous is "highly motivated" and willing to invest heavily in gathering information, the statement said.
Microsoft said it was releasing the information because it wanted to be transparent about such attacks and efforts to disrupt democratic processes.