Microsoft says Iranian hackers have posed as conference organizers in Germany and Saudi Arabia in an attempt to break into the email accounts of “high-profile” people with spoofed invitations
The tech company said Wednesday it detected attempts by the hacking group it calls Phosphorus to trick former government officials, policy experts and academics.
“We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” said Tom Burt, Microsoft’s security chief, in a prepared statement. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.”
Wednesday’s announcement refers to the hacking group as an “Iranian actor” but doesn’t explicitly tie it to the Iranian government. Microsoft calls it Phosphorus, while others call it APT35 or Charming Kitten.
The Redmond, Washington tech company has been tracking the group since 2013 and has previously accused it of trying to snoop on activists, journalists, political dissidents, defense industry workers and others in the Middle East.
Cybersecurity researchers have said the group typically tries to infiltrate a target’s personal online accounts and computer networks by luring them into clicking on a link to a compromised website or opening a malicious attachment.