The intruders “were not technically sophisticated,” Microsoft said, but they were determined. They conducted extensive research of personal info to identify accounts and potentially fool account recovery systems, sometimes obtaining phone numbers used for two-factor authentication. There were over 2,700 attempts to identify accounts over the roughly month-long stretch. Phosphorous frequently used spear phishing in hopes it might trick users into providing login details through fake web forms.

Microsoft said it had notified Phosphorous’ targets, and was helping compromised users secure their accounts. It also recommended that political figures use its AccountGuard program to get advanced monitoring and threat alerts.

Iran hasn’t acknowledged its involvement in the attacks. However, they wouldn’t be surprising in light of escalating tensions between the US and Iran that have included digital warfare. Iran has also been accused of conducting a Russia-like disinformation campaign meant to skew American politics ahead of the 2020 presidential election. If Iran is involved, this would mainly represent one of the most overt attacks to date.