Microsoft experts report that Iranian government hackers have successfully hacked the email accounts of a number of dignitaries and potential attendees of the Munich Security Conference and the Think 20 (T20) summit. In total, more than 100 people were affected by the attacks.
The Munich Security Conference is renowned for bringing together hundreds of dignitaries and influential politicians from around the world, including heads of state, ministers and NGO leaders. Think 20 is another major conference that brings together political experts and world leaders to develop policy decisions ahead of the annual G20 summit.
Experts associate the campaign with the Iranian hacker group Phosphorus (also known as Charming Kitten, APT35 and Magic Hound). The attacks were part of a cyber-espionage campaign whose main goal was to collect information from victims' mailboxes, as well as lists of their contacts. The collected data was sent to the addresses de-ma(.)online, g20saudi.000webhostapp(.)com and ksat20.000webhostapp(.)com.
“The attacks have successfully compromised several victims, including former ambassadors and other senior political experts who help shape global agendas and foreign policy in their countries,” writes Tom Burt, Microsoft's corporate vice president of security and customer trust.
The Phosphorus members followed a classic scheme: they used social engineering. For example, from February to October 2020, the hackers sent fake email invitations to victims, posing as the organizers of the events mentioned above. The attackers wrote in almost perfect English, so not every recipient would have suspected that the letters were fake.
Researchers have already notified both the event organizers and the affected individuals about what is happening.
Microsoft emphasizes that these attacks were not related to the upcoming US presidential election. Last month, Microsoft warned about another series of attacks for which, according to experts, government hacking groups acting on behalf of Russia, China and Iran are responsible. In those attacks, hackers targeted organizations and individuals associated in one way or another with the American elections. For example, in May-June 2020, members of the same Phosphorus group tried to log into the accounts of people associated with the Trump campaign, as well as officials in the US administration, although their attempts did not succeed.