A blog by Microsoft’s vice president of security and trust says that the Microsoft Threat Intelligence Center observed the iranian cyber group CHARMING KITTEN (Phosphorous) try to access customer accounts. Microsoft reported that the activity targeted accounts that belonged to:
- political journalists
- iranians that have moved away from the country
- united states government officials
- accounts involved in the united states elections
In order to access each account the CHARMING KITTEN group did research about the target and used information that it found such as alternative email accounts or phone numbers in the Microsoft account recovery systems in order to gain access.
CHARMING KITTEN only compromised four accounts but this is another example showing how an unsophisticated attack can still be successful. The blog of Microsoft tells customers and especially journalists to use the option for two-step verification and to often check the login-history.