Iranian hackers are allegedly targeting a high-profile security conference expected to be attended by heads of state and world leaders, according to Microsoft.
The upcoming Munich Security Conference and the Think 20 Summit in Saudi Arabia are being targeted by cybercriminal organization Phosphorus, which is masquerading as conference organizers to target more than 100 high-profile individuals, Microsoft said in a blog post Wednesday.
The Munich conference has been held for nearly 60 years and is the most important meeting for heads of state to discuss world security, and T20 helps shape policy ideas for the G20 nations, writes Tom Burt, corporate vice president of Microsoft’s customer security and trust division.
The attackers have been sending possible attendees spoofed invitations by email. The emails use near-perfect English and were sent to former government officials, policy experts, academics and leaders from non-governmental organizations. The spoofed invitations sought to assuage fears of travel during the Covid-19 pandemic by offering remote sessions.
“We believe Phosphorus is engaging in these attacks for intelligence collection purposes. The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.”
Microsoft’s Threat Intelligence Information Center discovered the malicious activity, Burt wrote. The company is working closely with conference organizers to warn attendees.
The company has previously warned about similar attacks targeting U.S. political groups and the upcoming Nov. 3 election, but Burt said current analysis doesn’t indicate that Phosphorus was targeting the election.
Burt suggested that conference attendees evaluate the authenticity of emails they get about major conferences by ensuring the sender address is legitimate and embedded links redirect to the official event domain.
Multi-factor authentication for both personal and business email accounts should also be enabled. Those suspected of being compromised should examine their email forwarding rules and remove any suspicious rules that may have been set by a threat actor.