Google says Iranian-associated hacking group targeted Biden, Trump campaigns
A hacking group associated with Iran targeted the personal email accounts of “roughly a dozen” people associated with the Trump and Biden campaigns, including current and former U.S. government officials, according to a Google report released on Wednesday.
“In May and June, APT42 targets included the personal email accounts of roughly a dozen individuals affiliated with President Biden and with former President Trump, including current and former officials in the U.S. government and individuals associated with the respective campaigns. We blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals,” the report said, referring to a hacking group associated with Iran’s Islamic Revolutionary Guard Corps (IRGC).
According to the report, the group has primarily targeted users in Israel and the United States, some of whom are high profile.
“Recent public reporting shows that APT42 has successfully breached accounts across multiple email providers,” according to the report. “We observed that the group successfully gained access to the personal Gmail account of a high-profile political consultant. In addition to our standard actions of quickly securing any compromised account and sending government-backed attacker warnings to the targeted accounts, we proactively referred this malicious activity to law enforcement in early July and we are continuing to cooperate with them.”
The company said it informed campaign officials that it saw “heightened malicious activity originating from foreign state actors and underscored the importance of enhanced account security protections on personal email accounts.”
The report is the latest by a major technology company warning of malicious Iranian efforts during this election cycle.
Last week, Microsoft warned that Iranians were targeting an unnamed campaign official on a presidential campaign, among several disinformation campaigns they were running.
In a statement, the FBI previously confirmed they were investigating the hack against the Trump campaign, and sources told ABC News that they were also investigating the attempted hack on the Biden campaign.
Israeli officials have also been targets.
“APT42 attempted to use social engineering to target former senior Israeli military officials and an aerospace executive by sending emails masquerading as a journalist requesting comment on the recent air strikes,” according to Google. “They also sent social engineering emails to Israeli diplomats, academics, NGOs and political entities. The emails were sent from accounts hosted by a variety of email service providers, and did not contain malicious content.”
The group has also used fake petitions from real organizations to carry out phishing attacks.
“APT42 is a sophisticated, persistent threat actor and they show no signs of stopping their attempts to target users and deploy novel tactics,” according to Google. “This spring and summer, they have shown the ability to run numerous simultaneous phishing campaigns, particularly focused on Israel and the U.S. As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from APT42.”
Source: ABC News