Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says

Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says
Written by Oct 28, 2020 | CYBERSCOOP

Iranian government-linked hackers have been sending spearphishing emails to large swaths of high-profile potential attendees of the upcoming Munich Security Conference as well as the Think 20 Summit in Saudi Arabia, according to Microsoft research.


The Iranian attackers, known as Phosphorous, have disguised themselves as conference organizers and have sent fake invitations containing PDF documents with malicious links to over 100 possible invitees of the conferences, both of which are prominent summits dedicated to international security and policies of the world’s largest economies, respectively.


In some cases the attackers have been successful in guiding some victims to those links, which lead victims to credential-harvesting pages, Tom Burt, corporate vice president of Microsoft Security and Trust announced in a blog published Wednesday morning.


“We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” Burt wrote in the blog. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.”


It’s the kind of attack that can give the government-linked hackers access to the inboxes of high-profile former government officials, policy experts, academics, and NGO leaders, Burt said.


Microsoft did not say what information, if any, the attackers successful stole from victims.


It was just the latest example of Phosphorous targeting non-governmental entities — the group has been known to target munich security conference attendees targeted linked spearphishing microsoft