Iranian hackers were behind an “incredible” spike in cyberattacks detected after President Trump’s withdrawal from the Iranian nuclear deal, a top Microsoft executive said Friday.
Tom Burt, Microsoft’s corporate vice president of customer security and trust, discussed the surge while speaking about foreign threats at the Aspen Security Forum in Colorado.
“We’ve notified almost 10,000 customers that they’ve been under attack by a nation-state activity group just in the past year,” Mr. Burt said. “And when you stack rank those activity groups by their country of operation and by the volume of notifications that we did, the number one volume are activity groups operating out of Iran.”
The attacks targeted customers across the board and were not necessarily politically focused, Mr. Burt noted. Microsoft saw a surge in activity attributed to Iran and North Korean hackers during moments of heightened tension involving either country and the Trump administration, however, he added.
“What we saw with Iran, for example, is an incredible increase and spike in activity once the United States announced it was withdrawing from the nuclear treaty,” Mr. Burt said.
“With North Korea we significant increase in activity as the nuclear discussions were ongoing. And the targets that these organizations go after were, you know somewhat, predictably people involved in the policy issues there,” he said.
Microsoft’s findings mirror those previously reached by cybersecurity firms including CrowdStrike and FireEye, who similarly reported last year that Iranian hackers escalated their attacks after Mr. Trump abandoned the nuclear deal in May 2018.
More recently, the U.S. Department of Homeland Security warned last month that the government was aware of “a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.”
Speaking broadly about Iranian-based cyber activity detected by Microsoft during the last year, Mr. Burt said the attacks “are not necessarily in any way associated with trying to hack our democratic process,” and instead have largely targeted potential victims like oil, gas and energy organizations in the Middle East.
Russian hackers, however, have continued to be “very active” ahead of the 2020 U.S. presidential election and could mount a campaign not unlike during the last White House race, he warned.
“What we would say from the data we seen so far is that we are seeing the early stages of the same kind of pattern of activity by the same actors that we’ve seen before and we should expect they’re going to continue,” Mr. Burt said.
Indeed, Republicans and Democrats briefed on election security by top administration officials last week said afterward that the government is aware of “ongoing” threats to the 2020 race.
Daniel R. Coats, Mr. Trump’s director of national intelligence, announced the creation of a new position Friday dedicated to countering threats to election security, meanwhile.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.