Google said on Wednesday that an Iranian group linked to the country’s Revolutionary Guard has tried to infiltrate the personal email accounts of roughly a dozen people linked to Joe Biden, Donald Trump and Kamala Harris since May.
The tech company’s threat intelligence arm said the group was still actively targeting people associated with Biden, Trump and Harris, who replaced the US president as the Democratic candidate last month when he dropped out. It said those targeted included current and former government officials, as well as presidential campaign affiliates.
The new report from Google’s Threat Analysis Group affirms and expands on a Microsoft report released on Friday that revealed a suspected Iranian cyber intrusion in this year’s US presidential election. It sheds light on how foreign adversaries are ramping up their efforts to disrupt the election, which is less than three months away.
Google’s report said its threat researchers detected and disrupted a “small but steady cadence” of the Iranian attackers using email credential phishing, a type of cyberattack in which the attacker poses as a trusted sender to try to get an email recipient to share their login details. John Hultquist, chief analyst for the company’s threat intelligence arm, said the company sends suspected targets of these attacks a Gmail popup that warns them that a government-backed attacker might be trying to steal their password.
The report said Google observed the group gaining access to one high-profile political consultant’s personal Gmail account. Google reported the incident to the FBI in July. Microsoft’s Friday report shared similar information, noting that the email account of a former senior adviser to a presidential campaign had been compromised and weaponized to send a phishing email to a high-ranking campaign official.
The group is familiar to Google’s threat intelligence arm and other researchers, and this is not the first time it has tried to interfere in US elections, Hultquist said. The report noted that the same Iranian group targeted both the Biden and Trump campaigns with phishing attacks during the 2020 cycle, as early as June of that year.
The group also has been prolific in other cyber espionage activity, particularly in the Middle East, the report said. In recent months, as the Israel-Hamas war has aggravated tensions in the region, that activity has included email phishing campaigns targeted at Israeli diplomats, academics, non-governmental organizations and military affiliates.
Trump’s campaign said on Saturday that it had been hacked and that sensitive internal documents had been stolen and distributed. It declared that Iranian actors were to blame.
The same day, Politico revealed it had received leaked internal Trump campaign documents by email, though it was not clear whether the leaked documents were related to the suspected Iranian cyber activity. The Washington Post and the New York Times also received the documents.
While the Trump campaign has not provided specific evidence linking Iran to the hack, both Trump and his longtime friend and former adviser Roger Stone have said they were contacted by Microsoft about suspected cyber intrusions. Stone’s email was compromised by hackers targeting Trump’s campaign, a person familiar with the matter said.
Google and Microsoft would not identify the people targeted in the Iranian intrusion attempts or confirm that Stone was among them. Google did confirm that the Iranian group in its report, which it calls APT42, was the same as the one in Microsoft’s research. Microsoft refers to the group as Mint Sandstorm.
Harris’s campaign has declined to say whether it has identified any state-based intrusion attempts, but has said it vigilantly monitors cyber threats and is not aware of any security breaches of its systems.
The FBI on Monday confirmed that it was investigating the intrusion into the Trump campaign. Two people familiar with the matter said the FBI was also investigating attempts to gain access to the Biden-Harris campaign.
The reports of Iranian hacking come as US intelligence officials have warned of persistent and mounting efforts from both Russia and Iran to influence the US election through online activity. Beyond these hacking incidents, groups linked to the countries have used fake news websites and social media accounts to churn out content that appears intended to sway voters’ opinions.
While neither Microsoft nor Google specified Iran’s intentions in the US presidential race, officials have previously hinted that Iran particularly opposes Trump. They have also expressed alarm about Tehran’s efforts to seek retaliation for a 2020 strike on an Iranian general that was ordered by Trump.
Iran’s mission to the United Nations, when asked about the Trump campaign’s claim, denied being involved.
“We do not accord any credence to such reports,” the mission told the Associated Press. “The Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election.”
The mission did not immediately respond to a request for comment on Wednesday about Google’s report.
Source: US Politics - theguardian.com