The wave of attacks lasted 30 days from August to September and included over 2700 intrusion attempts on 241 online accounts. The accounts concerned belonged to a presidential candidate, his staff, journalists covering the campaign and Iranian figures residing outside Iran, Microsoft says. The attackers attempted to gather biographical information about the victims and their hobbies so that they could use the password reset and other account recovery services provided by the Redmond company.
“Although the attacks were not technically sophisticated, the attackers tried to use a significant amount of personal information to identify accounts and, in some cases, to attempt intrusion (…). This effort suggests that Phosphorus members are highly motivated and willing to invest a lot of time and resources in research and other forms of data collection,” says Tom Burt, Microsoft's vice president for consumer safety, quoted by Ars Technica. He explains that the attackers were trying to gain access to secondary email accounts linked to the victims' Microsoft accounts, and then to the primary account itself, using the verification mechanisms linked to the secondary accounts.
In July, the Redmond company had warned that more than 10,000 users had been the victims of attacks by groups on the payroll of nations such as Iran, Russia and South Korea. Of these attacks, 84% targeted users at large companies.
To prevent these attacks, Microsoft recommends two-step verification, in which physical keys such as a YubiKey or temporary codes sent to an authentication app are used to access accounts.