Phosphorus targets the US presidential election.
Microsoft has identified "significant cyber activity" by the threat group it calls "Phosphorus" (also known as APT35 or Charming Kitten), which is linked to the Iranian government. Redmond saw the group make more than 2,700 attempts to identify email accounts belonging to personnel "associated with a U.S. presidential campaign, current and former U.S. government officials, journalists, and prominent Iranians living outside Iran." Phosphorus launched attacks against 241 of the identified accounts, of which four were compromised.
Reuters reports that the presidential campaign that was targeted was President Trump's re-election campaign. Microsoft stressed that the four compromised accounts didn't belong to presidential campaign personnel or US government officials.
The attacks primarily involved using information about the targets to try and exploit password reset and account recovery features. These activities weren't technically advanced, but Microsoft says the attackers "attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks," which "suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering."
Those commenting on the Iranian campaign have observed that Tehran has apparently learned from Moscow’s playbook. This seems correct with respect to Iran's understanding of the new possibilities social media open up for information operations: false personae, amplified messaging, compromise of influential accounts, and so on. But in other respects the campaign differs from those that have emanated from Russia. Russian influence operations have tended to have simple disruption as their aim, with the strategic objective being to widen pre-existing fissures and exacerbate mistrust in the societies they target. Such purely negative objectives would seem easier to achieve than influencing a society or its leaders in a particular direction, which is what Tehran seems interested in. In this respect the Iranian style in influence operations resembles China’s more than it does Russia’s. Iran's strategy and operational art were characterized at an NSA media roundtable this Thursday as aggressive, willing to be destructive, and focused closely on achieving regional objectives.
The US Senate Intelligence Committee reports on Russian election influence operations.
The US Senate Intelligence Committee has issued the second volume of its report, "Russian Active Measures Campaigns and Interference in the 2016 U.S. Election." The St. Petersburg-based Internet Research Agency was the focus of the Committee’s study. They found that its operations were directed by the Russian government, and that its messaging was overtly supportive of then-candidate Trump.
It also found that Russian social media operations were overwhelmingly concerned with race, with African-Americans disproportionately addressed. The goal of the information effort was, substantially, to increase mistrust along fissures in American society. The troll farmers’ activity actually increased after Election Day. "Instagram activity increased 238 percent, Facebook increased 59 percent, Twitter increased 52 percent, and YouTube citations went up by 84 percent," the Committee found.
Senator Richard Burr, Republican of North Carolina, who chairs the Select Committee on Intelligence, summarized: "By flooding social media with false reports, conspiracy theories, and trolls, and by exploiting existing divisions, Russia is trying to breed distrust of our democratic institutions and our fellow Americans.”