
Microsoft Reveals AccountGuard Software Uncovered Iran-Backed Phosphorus Attack

Microsoft’s AccountGuard found an attack by Phosphorus that targeted the U.S. presidential campaign, with four accounts breached.


Cyber-attacks originating from nation-states are common, and transparency around services shows how frequently these types of attacks occur. Microsoft has been among a group of tech companies that have sought to combat state-sponsored attacks, both alongside governments and individually.

AccountGuard was a service Microsoft debuted to “monitor accounts of campaigns and other associated organizations related to election processes in democracies around the world, publishing this information should help others be more vigilant and take steps to protect themselves.”

Microsoft says AccountGuard was able to detect 2,700 attacks associated with the Phosphorus group, which is linked to the government of Iran. Attackers targeted 241 accounts linked to the “U.S. presidential campaign, current, and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.”

To gain information on users, Phosphorus would look to access secondary email accounts belonging to Microsoft Account holders. The group would try to gain access to information such as passwords through verification sent to a secondary email account.

“Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts. For example, they would seek access to a secondary email account linked to a user's Microsoft account, then attempt to gain access to a user's Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”

Microsoft confirms four accounts were breached through this tactic and has notified the affected users.
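
The recovery-path takeover described above leaves a pattern defenders can hunt for: a sign-in to the secondary mailbox from an unrecognized device, followed shortly by a password reset on the primary account verified through that mailbox. The sketch below is an added example, not code from Microsoft or from this article; the event schema, field names, sample events and 24-hour window are assumptions, and it presumes the defender has sign-in telemetry for the secondary mailbox.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window; tune to your environment

# Constructed mapping: primary account -> secondary (recovery) mailbox.
RECOVERY = {"alice": "alice.alt@example.org", "bob": "bob.alt@example.org",
            "carol": "carol.alt@example.org", "dave": "dave.alt@example.org"}

# Constructed events in a hypothetical schema (not a real Microsoft log format).
EVENTS = [
    {"ts": "2024-01-01T08:00:00", "type": "mailbox_login", "mailbox": "alice.alt@example.org", "ip": "198.51.100.7", "known_device": True},
    {"ts": "2024-01-01T08:30:00", "type": "password_reset", "account": "alice", "verified_via": "secondary_email"},
    {"ts": "2024-01-01T09:00:00", "type": "mailbox_login", "mailbox": "bob.alt@example.org", "ip": "203.0.113.50", "known_device": False},
    {"ts": "2024-01-01T09:12:00", "type": "password_reset", "account": "bob", "verified_via": "secondary_email"},
    {"ts": "2024-01-01T10:00:00", "type": "mailbox_login", "mailbox": "carol.alt@example.org", "ip": "203.0.113.51", "known_device": False},
    {"ts": "2024-01-03T10:00:00", "type": "password_reset", "account": "carol", "verified_via": "secondary_email"},
    {"ts": "2024-01-01T11:00:00", "type": "mailbox_login", "mailbox": "dave.alt@example.org", "ip": "203.0.113.52", "known_device": False},
    {"ts": "2024-01-01T11:05:00", "type": "password_reset", "account": "dave", "verified_via": "authenticator_app"},
]

def suspicious_resets(events, recovery_map, window=WINDOW):
    """Flag resets verified via the secondary mailbox that follow, within
    `window`, a sign-in to that mailbox from an unrecognized device."""
    risky_logins = {}  # mailbox -> [(timestamp, ip)] of unrecognized-device sign-ins
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "mailbox_login" and not ev["known_device"]:
            risky_logins.setdefault(ev["mailbox"], []).append((ts, ev["ip"]))
        elif ev["type"] == "password_reset" and ev["verified_via"] == "secondary_email":
            mailbox = recovery_map.get(ev["account"])
            for login_ts, ip in risky_logins.get(mailbox, []):
                if timedelta(0) <= ts - login_ts <= window:
                    findings.append({"account": ev["account"], "mailbox": mailbox,
                                     "login_ip": ip, "reset_ts": ev["ts"],
                                     "gap_minutes": int((ts - login_ts).total_seconds() // 60)})
                    break  # one finding per reset is enough to raise an alert
    return findings

if __name__ == "__main__":
    for finding in suspicious_resets(EVENTS, RECOVERY):
        print(finding)
```

Only the constructed "bob" sequence is flagged: the other resets follow a known-device sign-in, fall outside the window, or were not verified through the secondary mailbox.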

Phosphorus Court Order

Earlier this year, Microsoft went after Phosphorus directly by seeking court orders against 99 websites associated with the group.

“Microsoft's Digital Crimes Unit has executed work to disrupt cyberattacks from a threat group we call Phosphorus which is widely associated with Iranian ,” Microsoft corporate vice president Tom Burt wrote in a blog post.

“Phosphorus typically attempts to compromise the personal accounts of individuals through a technique known as spear-phishing, using social engineering to entice someone to click on a link, sometimes sent through fake accounts that appear to belong to friendly contacts,” Burt says.

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
