Cyprus Mail
Business International

Microsoft detects cyberattacks from Iran-linked hackers

Kill Chain

Microsoft said on Wednesday that it had “detected and worked to stop a series of cyberattacks from the threat actor Phosphorous masquerading as conference organisers to target more than 100 high-profile individuals.”

“Phosphorus, an Iranian actor, has targeted with this scheme potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia,” Microsoft said in a statement.

The Munich Security Conference is the most important gathering on the topic of security for heads of state and other world leaders, and it has been held annually for nearly 60 years. Likewise, T20 is a highly visible event that shapes policy ideas for the G20 nations and informs their critical discussions.

“Based on current analysis, we do not believe this activity is tied to the U.S. elections in any way,” the statement noted. But Microsoft had disclosed last year that the Phosphorus group, which the company believes is tied to the Iranian government, had targeted and attacked hundreds of Microsoft accounts, including accounts used by staffers of an unnamed presidential campaign.

“The attackers have been sending possible attendees spoofed invitations by email. The emails use near-perfect English and were sent to former government officials, policy experts, academics and leaders from non-governmental organizations. Phosphorus helped assuage fears of travel during the Covid-19 pandemic by offering remote sessions.”

Phosphorus is engaging in these attacks for intelligence collection purposes, according to Microsoft. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.”

Microsoft said that it had warned all persons concerned by the cyber attack.

This activity was uncovered by Microsoft’s Threat Intelligence Information Center, or MSTIC, which tracks the world’s nation-state and cybercrime actors so we can better protect our customers. “MSTIC is also critical to the work of our Defending Democracy Program, powering our AccountGuard threat notification service available in 30 countries worldwide and fueling the intelligence we share to help keep elections secure. We build new protections into our products regularly based on the threats MSTIC uncovers.”

Related posts

Battle lines drawn in row over foreclosures

Elias Hazou

Latest EU stress tests show Cyprus banks resilient

Major Ethereum upgrade set to alter supply, fix transaction fees, raise price

Anatomy of a Cyprus data centre

Andrew Rosenbaum

Cyprus Business Now

Kyriacos Nicolaou

Making the business case for data centres in Cyprus

Andrew Rosenbaum