Microsoft revealed that they have recently seen “significant cyber activity” by a threat group that Microsoft is calling Phosphorus. Microsoft believes Phosphorus originates from Iran and is linked to the Iranian government.
In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 27,000 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts. The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics, and prominent Iranians living outside of Iran.
Microsoft stated that four accounts were compromised as a result of these attempts. The four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials. Microsoft has notified the customers related to the investigations and threats and has worked as requested with those whose accounts were compromised to secure them.
Microsoft did not say what U.S. presidential campaign was targeted. There are a lot of people currently running a 2020 presidential campaign, so I think it would be incredibly difficult to figure out which one of them was affected by the attempts of Phosphorus.
I would assume that Microsoft would be the most reliable source regarding which presidential campaign may have been affected. Personally, I am very hesitant to trust news articles that reference anonymous “sources” about this sort of thing.
That said, it appears “sources” told Reuters and The New York Times that it was President Trump’s 2020 campaign that was affected. However, The New York Times also reported, that the Trump campaign’s communications director, Tim Murtaugh, said in a statement that “we have no indication that any of our campaign infrastructure was targeted.”