Microsoft: Iranian hacking group targeting attendees of major international security conferences

Microsoft: Iranian hacking group targeting attendees of major international security conferences

Microsoft on Wednesday reported that an Iranian hacking group had attempted to target high-ranking attendees of international security conferences, including the upcoming Munich Security Conference. 

Tom Burt, the corporate vice president of Customer Security and Trust at Microsoft, wrote in a blog post that the Iranian hacking group known as “Phosphorus” had “masqueraded” as conference organizers in order to target around 100 high profile individuals who are set to attend the Munich Security Conference or the Think 20 (T20) Summit in Saudi Arabia.

The hacking group sent phishing emails, written in English, inviting recipients to attend the conferences and giving details on travel logistics and potential remote sessions. According to Burt, the group was able to successfully compromise the accounts of “several victims,” including those belonging to former ambassadors and other foreign policy experts. 


“We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” Burt wrote. “We’ve already worked with conference organizers who have warned and will continue to warn their attendees, and we’re disclosing what we’ve seen so that everyone can remain vigilant to this approach being used in connection with other conferences or events.”

The annual Munich Security Conference is due to take place over three days in February next year, while the T20 Summit will take place beginning later this week. 

While the schedule for next year’s Munich Security Conference has not yet been announced, 2020 participants included high-ranking leaders from all over the world, including French President Emmanuel MacronEmmanuel Jean-Michel MacronFrench ambassador to Australia blasts sub deal with US: 'Way you treat your allies does resonate' America's subplot and Europe caught in the undertow UN agency to pay salaries of Afghan health care workers MORE, Canadian Prime Minister Justin TrudeauJustin Pierre James TrudeauCanada's Trudeau apologizes for vacation on first Truth and Reconciliation Day Unvaccinated Canadian government workers to be placed on unpaid leave Canada marks first 'National Day of Truth and Reconciliation' MORE, Secretary of State Mike PompeoMike PompeoState Department watchdog probing whether Trump aides took gifts meant for foreign officials Biden shows little progress with Abraham Accords on first anniversary Biden slips further back to failed China policies MORE and Speaker Nancy PelosiNancy PelosiBiden to take part in CNN town hall in Baltimore Manchin on finishing agenda by Halloween: 'I don't know how that would happen' The Hill's Morning Report - Presented by Uber - Build Back Better items on chopping block MORE (D-Calif.). 

Microsoft disclosed last year that the Phosphorus group, which the company believes is tied to the Iranian government, had targeted and attacked hundreds of Microsoft accounts, including accounts used by staffers of an unnamed presidential campaign. 

Reuters later reported that the campaign targeted was President TrumpDonald TrumpTrump goes after Cassidy after saying he wouldn't support him for president in 2024 Jan. 6 panel lays out criminal contempt case against Bannon Hillicon Valley — Presented by Xerox — Agencies sound alarm over ransomware targeting agriculture groups MORE's reelection campaign, though a Trump campaign spokesperson told The Hill at the time that there was “no indication” that any campaign infrastructure was targeted. 

Burt emphasized Wednesday that the new activity was not “tied to the U.S. elections in any way.”

Microsoft warned in September that it was seeing a spike in nation-state cyber targeting of U.S. public policy groups and organizations involved in COVID-19 research. Burt pointed to this assessment Wednesday in urging groups to stay on guard against malicious cyber targeting.

“We will continue to use a combination of technology, operations, legal action and policy to disrupt and deter malicious activity, but nothing replaces vigilance from people who are likely targets of these operations,” Burt wrote.