Microsoft’s threat intelligence center uncovered a cyberthreat operation in which hackers posed as conference organizers to target more than 100 high-profile individuals, including heads of state, world leaders, former ambassadors, and industry experts, in order to pilfer intelligence information. According to a report, the Iranian threat actor group “Phosphorus” targeted potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia.
The Munich Security Conference is a summit on international security policy that has been held annually in Munich, Bavaria, since 1963.
It was found that the threat actors had been sending fake invitations to potential attendees via email. The attackers sent fake Munich Security Conference invitations to former government officials, policy experts, academics, and security leaders from non-governmental organizations.
No Links to the U.S. Elections
Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft, said, “Based on current analysis, we do not believe this activity is tied to the U.S. elections in any way. Phosphorus helped assuage fears of travel during the Covid-19 pandemic by offering remote sessions.”
“We believe Phosphorus is engaging in these attacks for intelligence collection purposes. The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries. We will continue to use a combination of technology, operations, legal action and policy to disrupt and deter malicious activity, but nothing replaces vigilance from people who are likely targets of these operations,” Burt added.
Microsoft recommended that its users enable multi-factor authentication across both business and personal email accounts to prevent credential harvesting attacks like these. “We’ve already worked with conference organizers who have warned and will continue to warn their attendees, and we’re disclosing what we’ve seen so that everyone can remain vigilant to this approach being used in connection with other conferences or events,” Microsoft said.