Microsoft says Iranian hackers targeted conference attendees

FILE - In this Nov. 10, 2016, photo, people walk near a Microsoft office in New York. Microsoft says Iranian hackers have posed as conference organizers in Germany and Saudi Arabia in an attempt to spy on “high-profile” people using spoofed email invitations. The tech company said Wednesday, Oct. 28, 2020, it detected attempts by the hacking group it calls Phosphorus to trick former government officials, policy experts and academics. (AP Photo/Swayne B. Hall)

REDMOND, Wash. — Microsoft says Iranian hackers have posed as conference organizers in Germany and Saudi Arabia in an attempt to break into the email accounts of “high-profile” people with spoofed invitations.

The tech company said Wednesday it detected attempts by the hacking group it calls Phosphorus to trick former government officials, policy experts and academics.

Advertisements

The targets included more than 100 prominent people invited by the hackers to the Munich Security Conference, which is attended by world leaders each February, and the upcoming Think 20 Summit, which begins later this week in Saudi Arabia but is online-only this year.

“We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” said Tom Burt, Microsoft’s security chief, in a prepared statement. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.”

Microsoft didn’t identify the nationalities of the people targeted. It said the activity is unrelated to the upcoming U.S. elections.

Wednesday’s announcement refers to the hacking group as an “Iranian actor” but doesn’t explicitly tie it to the Iranian government. Microsoft calls it Phosphorus, while others call it APT35 or Charming Kitten.

The Redmond, Washington tech company has been tracking the group since 2013 and has previously accused it of trying to snoop on activists, journalists, political dissidents, defense industry workers and others in the Middle East.

Cybersecurity researchers have said the group typically tries to infiltrate a target’s personal online accounts and computer networks by luring them into clicking on a link to a compromised website or opening a malicious attachment.