Google reports that an Iran-linked hacking group targeted emails of individuals from the Biden and Trump campaigns

A hacking group associated with Iran targeted the personal email accounts of “roughly a dozen” people associated with the Trump and Biden campaigns, including current and former U.S. government officials, according to a Google report released on Wednesday.

“In May and June, APT42 targets included the personal email accounts of roughly a dozen individuals affiliated with President Biden and with former President Trump, including current and former officials in the U.S. government and individuals associated with the respective campaigns. We blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals,” the report said, referring to a hacking group associated with Iran’s Islamic Revolutionary Guard Corps (IRGC).

According to the report, the group has primarily targeted users in Israel and the United States, some of whom are high profile.

“Recent public reporting shows that APT42 has successfully breached accounts across multiple email providers,” according to the report. “We observed that the group successfully gained access to the personal Gmail account of a high-profile political consultant. In addition to our standard actions of quickly securing any compromised account and sending government-backed attacker warnings to the targeted accounts, we proactively referred this malicious activity to law enforcement in early July and we are continuing to cooperate with them.”

The company said it informed campaign officials that it saw “heightened malicious activity originating from foreign state actors and underscored the importance of enhanced account security protections on personal email accounts.”

The report is the latest by a major technology company warning of malicious Iranian efforts during this election cycle.

Last week, Microsoft warned that Iranians were targeting an unnamed official on a presidential campaign, in addition to running several disinformation campaigns.

In a statement, the FBI previously confirmed they were investigating the hack against the Trump campaign, and sources told ABC News that they were also investigating the attempted hack on the Biden campaign.

Israeli officials have also been targets.

“APT42 attempted to use social engineering to target former senior Israeli military officials and an aerospace executive by sending emails masquerading as a journalist requesting comment on the recent air strikes,” according to Google. “They also sent social engineering emails to Israeli diplomats, academics, NGOs and political entities. The emails were sent from accounts hosted by a variety of email service providers, and did not contain malicious content.”

They have also used fake petitions from real organizations to carry out phishing attacks.

“APT42 is a sophisticated, persistent threat actor and they show no signs of stopping their attempts to target users and deploy novel tactics,” according to Google. “This spring and summer, they have shown the ability to run numerous simultaneous phishing campaigns, particularly focused on Israel and the U.S. As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from APT42.”

Google recently reported that an Iran-linked hacking group targeted the emails of individuals associated with both the Biden and Trump campaigns. This revelation has raised concerns about potential foreign interference in the upcoming U.S. presidential election.

According to Google’s Threat Analysis Group, the hacking group, known as APT35 or Charming Kitten, sent phishing emails to campaign staff members in an attempt to gain access to their email accounts. These phishing emails were designed to look like legitimate messages from colleagues or other trusted sources, but actually contained malicious links or attachments that, if clicked on, could compromise the recipient’s email account.

APT35 has been linked to the Iranian government and has a history of targeting individuals and organizations in the United States and other countries. In this latest campaign, the group appears to be trying to gather intelligence on the two presidential campaigns, potentially in an effort to influence the outcome of the election.

The targeting of both the Biden and Trump campaigns highlights the fact that foreign actors are actively trying to interfere in the U.S. electoral process. This is not a new phenomenon, as Russian hackers were also found to have targeted the 2016 presidential election in an effort to sow discord and undermine confidence in the democratic process.

It is important for campaign staff members and individuals involved in the election process to remain vigilant and take steps to protect their email accounts and other sensitive information. This includes using strong, unique passwords, enabling two-factor authentication, and being cautious when clicking on links or downloading attachments in emails.

In response to the recent hacking attempts, Google has said that it has notified the targeted individuals and taken steps to secure their accounts. The company also stated that it continues to monitor for any further malicious activity from APT35 or other threat actors.

Overall, the news of Iran-linked hackers targeting the emails of individuals from the Biden and Trump campaigns serves as a reminder of the ongoing threats to the integrity of the U.S. electoral process. It underscores the need for increased cybersecurity measures and vigilance on the part of all individuals involved in the election, from campaign staff members to voters themselves.
