Iranian-backed hackers targeting US presidential campaigns: Google
(The Hill) — An Iranian-backed hacking group is carrying out an “aggressive, multi-pronged” effort to target the U.S. and Israel and interfere with the American presidential election, Google analysts said in a blog post Wednesday.
The group, APT42, is associated with Iran’s Islamic Revolutionary Guard Corps and has consistently targeted high-ranking U.S. and Israeli officials, including current and former government ones, Google said.
“In the past six months, the U.S. and Israel accounted for roughly 60% of APT42’s known geographic targeting, including the likes of former senior Israeli military officials and individuals affiliated with both U.S. presidential campaigns,” the blog post reads. “These activities demonstrate the group’s aggressive, multi-pronged effort to quickly alter its operational focus in support of Iran’s political and military priorities.”
The FBI is investigating concerns that Iran stole documents from former President Donald Trump’s campaign and sent them to reporters, as well as allegations that Tehran attempted to gain access to Vice President Kamala Harris’ campaign.
Media outlets reportedly received an email from an AOL account named “Robert” that included a research dossier on Sen. JD Vance, R-Ohio, Trump’s running mate.
Trump’s campaign had announced previously that it was hacked by Iran, shortly after Microsoft published a report indicating Iranian and other foreign election interference.
Trump told reporters Wednesday that “it looks like it’s Iran doing it.”
“The reason is because I was strong on Iran,” he said. “I was protecting people in the Middle East that maybe they aren’t so happy about that.”
The FBI also suspects that three staffers associated with President Joe Biden’s former campaign or Harris’ current one were targeted with phishing campaigns.
Trump was also under enhanced Secret Service security after Iran had threatened his life, part of an Iranian campaign to target and threaten former Trump administration officials who were aggressive with policy against Tehran.
Trump survived an assassination attempt July 13 that officials believe is unrelated to Iran.
State Department spokesperson Vedant Patel told reporters Wednesday that the U.S. has “long spoken about how Iran has had lines of efforts to maliciously influence elections.”
“It’s something that we are consistently vigilant about,” he said.
APT42 has previously targeted officials during U.S. elections, but during the current cycle, personal email accounts from roughly a dozen individuals associated with Biden or Trump’s campaign were targeted, Google said.
Google said it has blocked several malign attempts, but some have been successful, including one on a high-profile political consultant.
Israeli military officials, diplomats and other key figures have also been targets of the phishing campaign from Iran.
Iran has masqueraded as legitimate organizations, including the Washington Institute for Near East Policy, the Brookings Institution and the Institute for the Study of War, according to Google.
The phishing efforts often involve emails containing some type of phishing link to lure users and allow them to gain access to accounts and steal information. In the past six months, Google said it has blocked more than 50 campaigns involving Google Sites scams.
“As we outlined above, APT42 is a sophisticated, persistent threat actor and they show no signs of stopping their attempts to target users and deploy novel tactics,” analysts wrote in the blog post.
The concerns around Iran’s election interference come as Iranian officials have publicly warned they will retaliate against Israel for what the death of top Hamas leader Ismail Haniyeh in Tehran two weeks ago. Iran has blamed his death on Israel, which has neither confirmed nor denied it.
The U.S. and Israel are bracing for an attack, with Washington moving additional military assets to the Middle East to prepare.