Microsoft disclosed that Iranian hackers targeted over 100 “high-profile” attendees of two International security conferences with spoofed invitations.
Microsoft disclosed that Iranian hackers targeted over 100 “high-profile” attendees of two International security conferences with spoofed invitations.
The Iranian-hacking group, known as Phosphorus (or APT35), sent spoofed emails posing as organizers of the Munich Security Conference, one of the leading global security and policy conferences attended by heads of state, and the upcoming Think 20 Summit in Saudi Arabia, scheduled for later this month.
The spoofed emails were sent to former government officials, policy experts and to steal passwords and other sensitive data, like email inboxes.
Microsoft’s security chief Tom Burt said that the attacks are carried out for intelligence collection.
Microsoft said that the attackers would write emails to their target requesting an invitation to the conference in “perfect English”.
“The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries,” said Tom.
“We’ve already worked with conference organizers who have and will continue to warn their attendees, and we’re disclosing what we’ve seen so that everyone can remain vigilant to this approach being used in connection with other conferences or events.”
Microsoft did not identify the nationalities of the people targeted; it said the activity is unrelated to the upcoming U.S elections.
Even though the hacking group is referred to as an “Iranian actor” it does not tie it to the Iranian government.
Cybersecurity researchers have said the group tries typically to infiltrate a target’s online accounts and computer networks by drawing them into clicking on a link to a compromised website or opening a malicious attachment.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?