Iranian cyber group targets US election campaign emails, says Google

Iran flag (Photo via Adobe Stock Images)
By Newsroom
Aug 15, 2024 11:24 AM

Google’s Threat Analysis Group has identified a series of cyberattacks targeting email accounts linked to President Joe Biden, former President Donald Trump and Vice President Kamala Harris.

The attacks, traced back to an Iranian group affiliated with the Islamic Revolutionary Guard Corps (IRGC), have been ongoing since May 2024.

Phishing attempts on high-profile figures

The group, known as APT42 (referred to as Mint Sandstorm by Microsoft), employed phishing techniques to gain unauthorized access to the email accounts of approximately a dozen individuals tied to the Biden and Trump campaigns.

This latest revelation underscores the ongoing efforts by foreign adversaries to disrupt the U.S. election process, less than three months before Election Day.

John Hultquist, Chief Analyst at Google’s Threat Intelligence arm, highlighted the persistence of these attacks, describing them as a “small but steady cadence” of email credential phishing.

In July, Google reported to the FBI that one high-profile political consultant’s personal Gmail account had been compromised by the group.

Iranian influence actors’ election-focused tactics, techniques, and procedures. (via Microsoft Threat Analysis Center (MTAC))

This new disclosure from Google builds on a recent report from Microsoft’s Threat Analysis Center, which also documented suspected Iranian cyber intrusions targeting the 2024 U.S. presidential election.

Both companies confirmed that the same Iranian group was responsible for similar attacks during the 2020 election cycle.

The group’s activities extend beyond the U.S., with recent phishing campaigns targeting Israeli diplomats, academics, nongovernmental organizations (NGOs) and military personnel amid rising tensions in the Middle East.

US campaigns respond to cyber threats

While the Trump campaign reported a cyberattack resulting in the theft of sensitive internal documents, it did not provide specific evidence linking Iran to the breach.

However, the campaign, along with Roger Stone, a former Trump adviser, confirmed they had been contacted by Microsoft regarding suspected cyber intrusions.

The Biden-Harris campaign has declined to comment on specific state-backed intrusion attempts but emphasized its vigilance in monitoring cyber threats.

Between February and late July 2024, APT42 heavily targeted users in Israel and the U.S. (via Google)

The FBI has confirmed that it is investigating the intrusion of the Trump campaign and attempts to access the Biden-Harris campaign.

In response to the allegations, Iran’s mission to the United Nations denied any involvement in the U.S. election, dismissing the reports as baseless.

Last Updated:  Aug 15, 2024 11:24 AM