Microsoft calls the Iran-linked hacker group Phosphorus, and has tracked its activity in the past. The group is also known as APT 35 and Charming Kitten. In March, unsealed court documents revealed that Microsoft had obtained a court order to take over and dismantle 99 websites the group had used to launch its attacks.
"While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks," Tom Burt, Microsoft's corporate vice president of customer security and trust, wrote in the report on Friday. "It is important that we all—governments and private sector—are increasingly transparent about nation-state attacks and efforts to disrupt democratic processes."
The Iranian group's tactics may not involve cutting-edge digital hacking tools, but tailored phishing attacks were, after all, how Russia got access to sensitive documents from both the Democratic National Committee and Hillary Clinton's presidential campaign in 2016. Charming Kitten is known for conducting careful research on its targets, crafting tailored phishing campaigns, and hoarding the log-in credentials it nabs in its attacks. The group is consistently active, but in the past researchers have noticed that it goes through quieter periods, perhaps while planning hacking campaigns, followed by bursts of activity. In October 2018, for example, Charming Kitten launched a series of attacks against US Treasury officials, diplomatic groups, and Washington, DC think tanks.
Microsoft says that in the campaign it observed, Charming Kitten used personal details about the targets—including phone numbers and secondary email addresses—to try to reset passwords and take over accounts.
Iranian hackers have gradually ramped up their activity against US targets roughly since October 2017, when Trump first announced that he would not re-certify Iran’s cooperation with the 2015 Obama Administration nuclear agreement. But over the last few months, tensions between the two countries have escalated even more, fueling combative rhetoric from Trump and cyberaggression on both sides.
More troublingly, the attack drives home the point that experts have long warned about: Russia's not the only country interested in interfering in the 2020 US election.
"Due to the success of the Russians in the 2016 US election, their model is being emulated across the globe," says Jeff Bardin, the chief intelligence officer of the cybersecurity intelligence firm Treadstone 71, which monitors Iranian hacking activity. "In terms of who Iran might target in the US, you would have to ask yourself what candidate or candidates would best suit Iranian needs as a president of the United States. And the interesting thing with that is that Iran's effort would likely be counter to the efforts of Russian cyber-operations and those of other countries. So what you end up having is the potential for numerous massive attempts to manipulate the American voter that may turn to absolute noise and contradictory data."