Microsoft: Iranian hacking group targeting attendees of major international security conferences

Microsoft on Wednesday reported that an Iranian hacking group had attempted to target high-ranking attendees of international security conferences, including the upcoming Munich Security Conference. 

Tom Burt, the corporate vice president of Customer Security and Trust at Microsoft, wrote in a blog post that the Iranian hacking group known as “Phosphorus” had “masqueraded” as conference organizers in order to target around 100 high-profile individuals who are set to attend the Munich Security Conference or the Think 20 (T20) Summit in Saudi Arabia.

The hacking group sent phishing emails, written in English, inviting recipients to attend the conferences and giving details on travel logistics and potential remote sessions. According to Burt, the group was able to successfully compromise the accounts of “several victims,” including those belonging to former ambassadors and other foreign policy experts. 


“We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” Burt wrote. “We’ve already worked with conference organizers who have warned and will continue to warn their attendees, and we’re disclosing what we’ve seen so that everyone can remain vigilant to this approach being used in connection with other conferences or events.”

The annual Munich Security Conference is due to take place over three days in February next year, while the T20 Summit will take place beginning later this week. 

While the schedule for next year’s Munich Security Conference has not yet been announced, 2020 participants included high-ranking leaders from all over the world, including French President Emmanuel Macron, Canadian Prime Minister Justin Trudeau, Secretary of State Mike Pompeo and Speaker Nancy Pelosi (D-Calif.).

Microsoft disclosed last year that the Phosphorus group, which the company believes is tied to the Iranian government, had targeted and attacked hundreds of Microsoft accounts, including accounts used by staffers of an unnamed presidential campaign. 

Reuters later reported that the campaign targeted was President Trump's reelection campaign, though a Trump campaign spokesperson told The Hill at the time that there was “no indication” that any campaign infrastructure was targeted.


Burt emphasized Wednesday that the new activity was not “tied to the U.S. elections in any way.”

Microsoft warned in September that it was seeing a spike in nation-state cyber targeting of U.S. public policy groups and organizations involved in COVID-19 research. Burt pointed to this assessment Wednesday in urging groups to stay on guard against malicious cyber targeting.

“We will continue to use a combination of technology, operations, legal action and policy to disrupt and deter malicious activity, but nothing replaces vigilance from people who are likely targets of these operations,” Burt wrote.