Microsoft experts report Iranian hacker attacks on security conference participants


Microsoft experts reported that Iranian government hackers have successfully hacked the email accounts of a number of dignitaries and potential attendees of the Munich Security Conference and the Think 20 (T20) summit. In total, more than 100 people were affected by the attacks.

The Munich Security Conference is famous for bringing together hundreds of dignitaries and influential politicians from around the world, including heads of state, ministers and NGO leaders. Think 20 is another major conference that brings together political experts and world leaders, where policy decisions are formulated ahead of the annual G20 summit.

Experts associate this campaign with the Iranian hacker group Phosphorus (also known as Charming Kitten, APT35 and Magic Hound). The attacks were part of a cyber-espionage campaign, whose main goal was to collect information from victims’ mailboxes, as well as lists of their contacts. The collected data was sent to the addresses de-ma[.]online, g20saudi.000webhostapp[.]com and ksat20.000webhostapp[.]com.

The attacks have successfully compromised several victims, including former ambassadors and other senior political experts who help shape global agendas and foreign policy in their countries, writes Tom Burt, Microsoft's corporate vice president of security and customer trust.

The members of Phosphorus followed the classic scheme: they used social engineering. For example, from February to October 2020, the hackers sent fake email invitations to victims, disguising themselves as the organizers of the events mentioned above. The attackers wrote in almost perfect English, so not every recipient would suspect that the emails were fake.

Figure: Phosphorus attack scheme

Researchers have already notified both the event organizers and the victims about the incident.

Microsoft emphasizes that these attacks were not related to the upcoming US presidential elections. The point matters because last month Microsoft already warned of another series of attacks, which experts attribute to government hacking groups acting on behalf of Russia, China and Iran.

In the course of those attacks, hackers targeted organizations and individuals associated in one way or another with the American elections. For example, in May and June 2020, members of the same Phosphorus group tried to log into the accounts of people associated with the Trump campaign, as well as officials in the US administration, although their attempts did not succeed.

At the beginning of the year, the US Department of Homeland Security issued a warning about possible acts of terrorism and cyberattacks by Iran in response to the assassination of General Kassem Suleimani. Perhaps the hackers needed more time to prepare. In any case, it is clear that Iran holds on to its grievances for a long time and is not going to end the cyber war.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advice and tips on GridinSoft's products. He's available 24/7 to assist you with any question regarding internet security.
