Microsoft detects cyberattacks by 'Iranian actor' for intelligence collection

Microsoft Corp said on October 28 that it detected and worked to stop a series of cyberattacks from Phosphorus, which the company described as an “Iranian actor”. The tech firm said that Phosphorous was masquerading as conference organisers to target more than 100 high-profile individuals. 

“Phosphorus, an Iranian actor, has targeted with this scheme potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia,” Microsoft said in a blog.

The Munich Security Conference is one of the most important gatherings on the international security policy for heads of state and other world leaders. T20 is also a highly visible event that shapes policy ideas for the G20 nations and informs their critical discussions. Microsoft believes that Phosphorus is engaging in these attacks for "intelligence collection purposes."

Microsoft said that the attackers have been sending spoofed invitation emails to possible attendees. It stated that the emails were sent to former government officials, policy experts, academics and leaders from non-governmental organizations. The attackers also helped assuage fears of travel during the Covid-19 pandemic by offering remote sessions.

“The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries,” said the tech giant.

Read: Taiwan Government Accuses China Of Cyberattack, Claims 6,000 Email Accounts Compromised
Read: Russia Dismisses US Cyberattack Charges On Military Personnel As 'Russophobia'

Linked to US election?

Microsoft also clarified that this activity is not believed to be tied to the US elections in any way, putting any speculations to rest after US intelligence recently warned that Iran has obtained voter information ahead of the presidential elections to influence public opinion. Last week, Director of National Intelligence John Ratcliffe told a news conference that Iran’s “spoofed emails”, claimed to be sent by the Proud Boys, was designed incite social unrest and damage electoral chances of Trump.

“If you received an intimidating or manipulative email in your inbox, do not be alarmed and do not spread it. this is not a partisan issue,” he had insisted.

Read: Norway Holds Russia Responsible For Cyberattack On Parliament, Moscow Rejects Allegations
Read: Elon Musk Confirms 'serious' Cyberattack On Tesla By Russian Citizen