Once the group had a list of high-value targets, it went after 241 of those accounts, which included "accounts are associated with a USA presidential campaign, current and former United States government officials, journalists covering global politics and prominent Iranians living outside Iran".
Microsoft said it had notified Phosphorous' targets, and was helping compromised users secure their accounts.
According to Microsoft, only four accounts were eventually compromised, and none of these were associated with a campaign, nor any former or current officials.
In July, Microsoft said that almost 10,000 customers were "targeted or compromised by nation-state attacks" in the past year.
Nineteen Democrats are seeking their party's nomination to run against President Donald Trump in the November 2020 election. The statement did not identify which specific campaign was targeted.
As to why it released the information publicly, Microsoft said that there were two reasons: first that "we all - governments and private sector - are increasingly transparent about nation-state attacks and efforts to disrupt democratic processes;" and second that "publishing this information should help others be more vigilant and take steps to protect themselves". Phosphorus, Microsoft says, is linked to the Iranian government.
"For example, they would seek access to a secondary email account linked to a user's Microsoft account, then attempt to gain access to a user's Microsoft account through verification sent to the secondary account", Microsoft explained. The company described the attacks in a blog post on Friday.
They gained access to four accounts by tricking password reset features, the company said. But he noted that they used significant amounts of personal information of the targets, suggesting that Phosphorus was willing to invest "significant time and resources engaging in research and other means of information gathering". Some of those accounts similarly took aim at US policymakers and journalists, researchers said at the time.
US intelligence agencies determined Russian hackers compromised Democratic emails during the 2016 presidential election campaign, stealing emails from both the Democratic National Committee and John Podesta, who chaired Hillary Clinton's presidential campaign. The company, which names hacking groups after elements on the periodic table, seized 99 websites in March it said were used by the group to launch cyberattacks against government agencies, businesses and users in Washington.