An Iranian hacker group targeted high-profile government officials by sending fraudulent invites to the upcoming Munich Security Conference, technology firm Microsoft said Wednesday.
The attackers sent likely attendees of the conference fake invitations by email in an apparent effort to gather intelligence. “The emails use near-perfect English and were sent to former government officials, policy experts, academics and leaders from non-governmental organization,” Microsoft’s Corporate Vice President for Security Tom Burt wrote in a blogpost published Wednesday.
“The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies,” Burt wrote.
Emails were sent from addresses including “munichconference[@]outlook.com” and “munichconference[@]outlook.de” and redirected invitees to websites posing as official domains for the conference, in an effort to get invitees to fill in credentials and compromise their security.
Microsoft said the Iranian-backed group Phosphorous is behind the attacks. The firm previously identified the group as one that “we believe originates from Iran and is linked to the Iranian government.”
The hackers also targeted potential attendees of the upcoming Think 20 (T20) Summit in Saudi Arabia, which also draws high-level security officials. The two conference organizers are warning invitees about the threat, Microsoft said.
“We recommend people evaluate the authenticity of emails they receive about major conferences by ensuring that the sender address looks legitimate and that any embedded links redirect to the official conference domain,” Burt said in the blogpost.