Google released a report on Wednesday, August 14th, stating that since May of this year, an Iranian organization linked to the Islamic Revolutionary Guard Corps (IRGC) has been attempting to infiltrate the email accounts of several individuals associated with both current President Biden and former President Trump.
According to the Associated Press, Google’s Threat Analysis Group has revealed that this organization is actively targeting people associated with Trump, Biden, and Vice President Harris. Google says their targets include current and former government officials, as well as personnel involved in presidential campaigns.
This new report from Google’s threat analysis team further confirms and expands upon a similar report released by Microsoft last Friday, August 9th. The report exposed Iran’s attempts at cyber intrusions during this year’s U.S. presidential election and showed how foreign adversaries are intensifying efforts to disrupt the election, now less than three months away.
Google’s report indicates that its researchers detected Iranian attackers using phishing emails, and dismantled “small but steady-state” network attacks. The attackers disguise themselves as trusted senders, attempting to lure recipients into sharing their login information.
John Hultquist, the chief analyst of Google’s Threat Intelligence Unit, said that his department and its researchers are familiar with this Iranian organization, noting that this is not the first time the organization has attempted to interfere in U.S. elections. The report mentions that as early as June 2020, the same Iranian organization launched phishing attacks against the Biden and Trump campaign teams.
Hultquist stated that Google will send a Gmail popup to potential attack targets, warning them that a government-backed attacker may be trying to steal their passwords.
Google’s research team observed that the organization had stolen the personal Gmail account password of a prominent political advisor. Google reported this incident to the Federal Bureau of Investigation (FBI) last month.
In a report on August 9th, Microsoft also provided similar information, revealing that the email account of a senior advisor to a former presidential campaign was compromised and used to send phishing emails to a senior campaign official.
The report also mentioned that this Iranian organization is active in other cyber espionage activities, especially in the Middle East. In recent months, amid the Israel-Hamas conflict, tensions in the region have intensified, and the organization’s email phishing now targets Israeli diplomats, scholars, non-governmental organizations, and military branches.
Trump’s campaign team stated last Saturday, August 10th, that it had been hacked and that sensitive internal documents had been stolen and disseminated, implying that Iran was the mastermind behind it.
On the same day, the news site Politico revealed that it had received leaked internal documents from the Trump campaign via email, but it is unclear whether these leaks are related to Iran’s cyber activities. The Washington Post and the New York Times also received these documents.
Additionally, Trump and his former advisor Roger Stone have both stated that Microsoft contacted them regarding the suspected cyber attack. A source familiar with the matter mentioned that Stone’s emails were hacked and that the aim was Trump’s campaign.
Google confirmed that the Iranian organization in their report (referred to as APT42) is the same organization in Microsoft’s research. Microsoft calls this organization “Mint Sandstorm.”
Harris’ campaign team did not disclose whether they have found any government-supported intrusion attempts, but indicated they are closely monitoring network threats and have not found any security vulnerabilities in their systems.
The Federal Bureau of Investigation confirmed on Monday, August 12th, that they are investigating the Trump campaign’s breach. Two individuals familiar with the matter stated that the FBI is also investigating attempts to access Biden’s (now Harris’) campaign team.
U.S. intelligence officials have repeatedly warned that Russia and Iran are increasing efforts to influence U.S. elections through online activities. In addition to these hacking incidents, organizations associated with these two countries also utilize fake news sites and social media accounts to disseminate content aimed at affecting American voters.
Although neither Microsoft nor Google has detailed Iran’s intent to influence the U.S. elections, American officials have previously hinted that Tehran is seeking retaliation for Trump’s order in 2020 to assassinate Iranian Islamic Revolutionary Guard Corps commander Qasem Soleimani.
Cable news network CNN reported on July 16th, citing multiple sources, that U.S. authorities received intelligence that Iran was attempting to assassinate Trump. As a result, the Secret Service has intensified security measures for Trump.
When asked about the hacking of Trump’s campaign team, Iran’s UN mission denied any government involvement.
