Microsoft recently reported that hackers backed by the Iranian government had attacked two international security and policy conferences. More than 100 high-profile members were present at these conferences who were under the target of the hackers.
The name of the group behind the hack is Phosphorus or APT35. Spoofed emails had been sent, posing as the Munich Security Conference’s organizers, one of the main global security and policy conferences. Similar emails were sent for the Think Summit 20, which has been scheduled in Saudi Arabia to be held by the end of the month.
As disclosed by Microsoft, the aim behind sending the emails was to gather sensitive information from the receivers. Mostly former government officials were on the list of receivers of these emails so they could steal passwords and get into the email inbox of these officials.
Microsoft hasn’t revealed the clear and ultimate goal of the hack, but the company’s customer security and trust chief Tom Burt has said that the purpose could be intelligence collection from what the scenario looks like. He further added that “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.”
Burt has also made it clear that all attendees of such conferences have already been warned about similar circumstances approaching their doorstep. The company is working with conference organizers to ensure that the attendees are aware of the scenario. Hence, maximum information has been disclosed to the attendees and organizers related to the hack.
Microsoft explained how hackers had been using emails to gather information. First, the receiver would get an email invite to the event, and upon accepting the invitation, a fake login page would come up where it would require a password and username. This would allow the hacker to later login to inbox of target and go through anything that’s there.
Previous hacking campaigns have also been carried out by the same group on high-profile victims only. Iran’s consulate wasn’t available for any comment at the moment because of a website issue.
Phosphorus, as a group, has been known to target high-profile clients only through their hacking campaigns. Politicians and presidential hopefuls have been very specific targets under these. Although, no connection has been stated with the upcoming presidential elections.
In the previous year, similar hacks had targeted more than 10000 people, and many groups were collectively identified to have been involved in these hacks. Microsoft also tried to get a court order to get a hold of the domain that was being used by Phosphorus specifically.
Image Source: The New York Times