Google says Iranian group trying to hack US presidential campaigns

NEW YORK — Google said Wednesday that an Iranian group linked to the country’s Revolutionary Guard had tried to infiltrate the personal email accounts of roughly a dozen people linked to President Joe Biden and former President Donald Trump since May. 

The tech company’s threat intelligence arm said the group was still actively targeting people associated with Biden, Trump and Vice President Kamala Harris, who replaced Biden as the Democratic candidate last month when he dropped out of the presidential race. It said those targeted have included current and former government officials, as well as presidential campaign affiliates. 

The new report from Google’s Threat Analysis Group affirmed and expanded upon a Microsoft report released Friday that revealed a suspected Iranian cyber intrusion in this year’s U.S. presidential election. It shed light on how foreign adversaries are increasing their efforts to disrupt the election that is now less than three months away. 

Google’s report said its threat researchers detected and disrupted a “small but steady cadence” of the Iranian attackers using email credential phishing, a type of cyberattack where the attacker poses as a trusted sender to try to get an email recipient to share login details. John Hultquist, chief analyst for the company’s threat intelligence arm, said the company sends suspected targets of these attacks a Gmail pop-up that warns them that a government-backed attacker might be trying to steal their passwords. 

The report said Google observed the group gaining access to one high-profile political consultant’s personal Gmail account. Google reported the incident to the FBI in July. Microsoft’s Friday report had shared similar information, noting that the email account of a former senior adviser to a presidential campaign had been compromised and weaponized to send a phishing email to a high-ranking campaign official. 

The group is familiar to Google’s threat intelligence arm and other researchers, and this isn’t the first time it has tried to interfere in U.S. elections, Hultquist said. The report noted that the same Iranian group targeted both the Biden and Trump campaigns with phishing attacks during the 2020 cycle, as early as June of that year. 

The group also has been prolific in other cyber espionage activity, particularly in the Middle East, the report said. In recent months, as the Israel-Hamas war has fueled tension in the region, that activity has included email phishing campaigns targeted at Israeli diplomats, academics, nongovernmental organizations and military affiliates. 

Trump’s campaign said Saturday that it had been hacked and that sensitive internal documents had been stolen and distributed. It said Iranian actors were to blame. 

The same day, Politico revealed it had received leaked internal Trump campaign documents by email, though it wasn’t clear whether the leaked documents were related to the suspected Iranian cyber activity. The Washington Post and The New York Times also received the documents. 

While the Trump campaign hasn’t provided specific evidence linking Iran to the hack, both Trump and his longtime friend and former adviser Roger Stone have said they were contacted by Microsoft related to suspected cyber intrusions. Stone’s email was compromised by hackers targeting Trump’s campaign, a person familiar with the matter said. 

Google and Microsoft wouldn’t identify the people targeted in the Iranian intrusion attempts or confirm that Stone was among them. Google did confirm that the Iranian group in its report, which it calls APT42, is the same as the one in Microsoft’s research. Microsoft refers to the group as Mint Sandstorm. 

Harris’ campaign has declined to say whether it has identified any state-based intrusion attempts but has said it vigilantly monitors cyber threats and isn’t aware of any security breaches of its systems. 

The FBI on Monday confirmed that it’s investigating the intrusion of the Trump campaign. Two people familiar with the matter said the FBI also is investigating attempts to gain access to the Biden-Harris campaign. 

The reports of Iranian hacking come as U.S. intelligence officials have warned of persistent and mounting efforts from both Russia and Iran to influence the U.S. election through their online activity. Beyond these hacking incidents, groups linked to the countries have used fake news websites and social media accounts to churn out content that appears intended to sway voters’ opinions. 

While neither Microsoft nor Google specified Iran’s intentions in the U.S. presidential race, U.S. officials have previously hinted that Iran particularly opposes Trump. U.S. officials also have expressed alarm about Tehran’s efforts to seek retaliation for a 2020 strike on an Iranian general that was ordered by Trump. 

Iran’s mission to the United Nations, when asked about the claim of the Trump campaign, denied being involved. 

“We do not accord any credence to such reports,” the mission told The Associated Press. “The Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election.” 

The mission did not immediately respond to a request for comment Wednesday about Google’s report.
