Microsoft experts talked that Iranian government hackers have successfully hacked the email accounts of a number of dignitaries and potential attendees to the Munich Security Conference and Think 20 (T20) summit. In total, more than 100 people suffered in the attacks.
The Munich Security Conference is famous for bringing together hundreds of dignitaries and influential politicians from around the world, including heads of state, ministers and NGO leaders. Think 20 is another major conference that gathers together political experts and world leaders, where formulated policy decisions before the annual G20 summit.
Experts associate this campaign with the Iranian hacker group Phosphorus (also known as Charming Kitten, APT35 and Magic Hound). The attacks were part of a cyber-espionage campaign, whose main goal was to collect information from victims’ mailboxes, as well as lists of their contacts. The collected data was sent to the addresses de-ma[.]online, g20saudi.000webhostapp[.]com and ksat20.000webhostapp[.]com.
The members of Phosphorus acted according to the classic scheme – they used social engineering. For example, from February to October 2020, hackers sent fake email invitations to victims, disguising themselves as the organizers of the mentioned events. At the same time, the attackers wrote in almost perfect English, and not everyone would be able to suspect a fake in the letters.
Researchers have already notified both event organizers and hackers’ victims about an accident.
Microsoft emphasizes that these attacks were not related to the upcoming US presidential elections. The fact is that last month Microsoft already warned of another series of attacks, for which, according to experts, are responsible government hack groups acting on behalf of Russia, China and Iran.
In the course of these attacks, hackers targeted organizations and individuals, in one way or another associated with the American elections. So, in May-June 2020, members of the same Phosphorus group tried to log into the accounts of people associated with the Trump campaign, as well as officials in the US administration, although they did not succeed in their attempts.
At the beginning of the year, USA Homeland Security issued a warning about possible acts of terrorism and cyberattacks by Iran in response to the assassination of General Kassem Suleimani, perhaps the hackers needed more time to prepare. But in any case, it is clear that Iran remembers the grievances for a long time and is not going to end the cyber war.
