Iran has launched a cyberwar that includes President Donald Trump’s re-election campaign among its targets, according to published reports.
A report by The New York Times on Friday cited information released by Microsoft that said that Iranian hackers made more than 2,700 attempts to get the email accounts of various present and former American government officials as well as accounts linked to a presidential campaign. The Times said sources it did not name identified the campaign targeted as that of the president.
The Trump campaign said that its website has not been compromised.
“We have no indication that any of our campaign infrastructure was targeted,” Trump campaign Director of Communications Tim Murtaugh said.
Microsoft said the hacking took place in August and September over a 30-day timeframe, roughly corresponding with the latest imposition of sanctions against Iran.
Microsoft said that 241 accounts were actually attacked.
“The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran,” the Microsoft blog post read, adding that it has notified all Microsoft customers impacted.
“Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials.”
The blog post explained how the attacks were conducted as a way to encourage users to safeguard information.
“Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts. For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account,” the blog post read.
“In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”
‘While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks. This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering,” the post said.
One expert said hacking attempts against candidates are going to increase.
“We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day,” said Oren Falkowitz, the chief executive of the cybersecurity company Area 1, in an interview.
One commentator said campaigns can often be easy pickings for hackers.
“Campaigns only last until Election Day or when your candidate drops out,” Tad Devine, an adviser for Democratic presidential candidate Sen. Bernie Sanders of Vermont in 2016, told The Times.
“If you spend too much on cybersecurity and not enough on voter contact, you’ll end your campaign by not making enough voter contact. So that’s the conundrum that campaigns are in.”
“Politics is a risk business. You have to decide what risk you’re going to take,” he said.