microsoft account

The notorious Iranian hacking group ‘Phosphorus’, also tracked as ‘APT 35’, ‘Charming Kitten’ and ‘Ajax Security Team’ and widely believed to be linked to the Iranian government, is making headlines again: Microsoft reports that over a 30-day period between August and September 2019 the group went after a very particular set of Microsoft customers.

What is the attack?
Microsoft found that the attackers first gathered personal information about their targets (such as phone numbers and the addresses of secondary email accounts) and then used it to abuse account recovery features. In some cases they tried to take over the secondary email account linked to a target’s Microsoft account so that they could trigger a password reset and break into the primary mailbox.

Who is the target?
Mostly people connected to U.S. politics and government, plus journalists and Iranian expatriates.
Microsoft said, “The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.”


According to Microsoft, Phosphorus:

1. Made more than 2,700 attempts to identify consumer email accounts belonging to its targets
2. Attacked 241 of those accounts
3. Successfully compromised 4 of them

How bad is it?

The 4 compromised accounts were not associated with the presidential campaign or with current or former government officials, but the sheer number of attempts against political targets is still a matter of high concern. With the elections approaching, the attempts are only expected to grow in volume and sophistication.

How are they doing it?
The attackers are relying on social engineering rather than on any software vulnerability: they trick people into handing over the information needed to take over an account.

1. Spear phishing- They send targeted emails and social media messages that appear to come from trusted sources but carry malicious links or attachments.
2. Fake security alerts- They send emails posing as helpful “problem solvers”, for example warnings about the security of an account that prompt the user to enter their account details.
3. Fake websites- The group runs websites posing as big brands like Microsoft and Yahoo to harvest credentials. Examples named by Microsoft include outlook-verify.net, yahoo-verify.net, verification-live.com and myaccount-services.net.
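The four domains above follow a recognisable pattern: a brand name or a “verify/account/services” lure word, joined with hyphens, under a registrable domain the brand does not own. The script below is an added example (not code from the original post or from Microsoft) that flags such names in a list of hostnames, for instance ones pulled from proxy logs or newly registered domain feeds. The brand list, lure-word list and allowlist of legitimate vendor domains are illustrative assumptions, and the “last two labels” rule for the registrable domain is a simplification noted in the code.

```python
"""Flag brand-impersonation domains like those used in the Phosphorus campaign.

This is an added example, not code from the original post or from Microsoft.
It uses a naive "last two labels" rule for the registrable domain; in
production derive it from the Public Suffix List (e.g. the tldextract package)
so that names under suffixes such as co.uk are handled correctly.
"""
import re

# Brand tokens an impersonator would borrow. Illustrative, not exhaustive.
BRAND_TOKENS = frozenset({"microsoft", "outlook", "office", "live", "hotmail",
                          "yahoo", "msn"})

# Lure words typical of account-security phishing domains. Illustrative.
LURE_TOKENS = ("verify", "verification", "account", "login", "signin",
               "secure", "security", "services", "support", "update")

# Registrable domains the brands legitimately use. Illustrative allowlist;
# a real one should be maintained from the vendors' published domain lists.
LEGIT_DOMAINS = frozenset({
    "microsoft.com", "microsoftonline.com", "office.com", "live.com",
    "outlook.com", "hotmail.com", "msn.com", "yahoo.com",
})


def registrable_domain(host: str) -> str:
    """Naive registrable domain: last two DNS labels (assumption, see above)."""
    labels = host.lower().strip().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def assess_domain(host: str) -> dict:
    """Classify one hostname; returns the evidence so an analyst can review it."""
    reg = registrable_domain(host)
    result = {"host": host, "registrable": reg, "brands": [], "lures": [],
              "flagged": False}
    if reg in LEGIT_DOMAINS:
        return result                       # legitimate vendor domain
    # Split the second-level label into words: "outlook-verify" -> outlook, verify
    words = [w for w in re.split(r"[-_]", reg.split(".")[0]) if w]
    # Brand tokens must match a whole word (avoids "olive" matching "live").
    result["brands"] = sorted(b for b in BRAND_TOKENS if b in words)
    # Lure words may be embedded ("myaccount" still carries "account").
    result["lures"] = [l for l in LURE_TOKENS if any(l in w for w in words)]
    # A brand name outside its legitimate domain is enough on its own;
    # otherwise require two lure words to limit noise on generic names.
    result["flagged"] = bool(result["brands"]) or len(result["lures"]) >= 2
    return result


def scan(hosts):
    """Return the hostnames that warrant a look, in input order."""
    return [h for h in hosts if assess_domain(h)["flagged"]]


# Constructed input: the four domains named in the post plus benign look-alikes.
SAMPLE_HOSTS = [
    "outlook-verify.net", "yahoo-verify.net", "verification-live.com",
    "myaccount-services.net",
    "login.live.com", "mail.yahoo.com", "account.microsoft.com",
    "olive-delivery.net", "example.org",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        r = assess_domain(h)
        print(f"{'FLAG ' if r['flagged'] else 'ok   '}{h:28} "
              f"brands={r['brands']} lures={r['lures']}")
```

Run it and the four phishing domains are flagged while login.live.com, mail.yahoo.com and account.microsoft.com pass because their registrable domain is on the allowlist. A hit is a prompt for review, not proof of phishing: the allowlist has to be kept current, and a real deployment should replace the naive registrable-domain rule with the Public Suffix List.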

Hmm, that’s disturbing.
What measures are taken?

1. Microsoft has taken control of 99 websites the group used for its attacks, under a court order it obtained earlier in 2019.
2. The software giant has also taken further legal and technical action to disrupt the group’s infrastructure.
3. It has notified the affected customers and, in its blog post, encouraged everyone to secure their accounts with the tools it offers, one of them being two-step verification.

What can you do?
You might not be a target of this group right now, but attacks like these are not uncommon, and it is better to be safe than sorry.
So we suggest that you:

  • Use a strong, unique password for your Microsoft account and every other email account (a password manager makes this painless).
  • Change a password immediately if you suspect it has been exposed, for example in a data breach; a unique password per account protects you more than rotating on a fixed schedule.
  • Enable two-factor authentication wherever possible, and review the recovery options (secondary email, phone number) on your account so that attackers cannot use them against you.
  • Check your account’s recent login activity every once in a while.
  • Never blindly trust an email, message or website, even if it appears to come from a trusted source.
  • Verify the source before you enter sensitive information anywhere, and check that the address bar shows the brand’s real domain and not a look-alike.
  • Make a habit of reading our blog (or any cybersecurity news blog for that matter) once every day to stay updated.

Have anything else to add to this news? Tell us in the comments section.
Stay tuned, stay safe.

©2022 Tech Brewery. All Rights Reserved.
