Iranian hackers targeted Trump and Harris's presidential campaigns, reveals Google
Google's Threat Analysis Group has identified a single Iranian group, tracked as APT42, as responsible for intrusion attempts against both the Democratic and Republican presidential campaigns in the US. The group is assessed to operate under the direction of Iran's Islamic Revolutionary Guard Corps (IRGC). In May and June, APT42 targeted roughly a dozen individuals associated with the campaigns of Donald Trump and Joe Biden, who was then the Democratic candidate. The targets included current and former government officials as well as people working on the campaigns themselves.
Harris campaign says it was targeted by foreign hackers
The campaign team of Democratic presidential candidate Kamala Harris revealed on Tuesday that it had been the target of foreign hackers. This comes shortly after Trump's campaign alleged that it had been attacked by Iranian hackers. "In July, the campaign legal and security teams were notified by the FBI that we were targeted by a foreign actor influence operation," a Harris campaign official told AFP.
APT42's cyberespionage targets extend beyond US politics
John Hultquist, head of threat intelligence at Mandiant, a cybersecurity firm owned by Google, stated that APT42's activities are not limited to US politics. The group has also targeted Israeli military, government, and diplomatic organizations. "In terms of collection, they're hitting all sides," Hultquist said. He further noted that this pattern of bipartisan cyberespionage is consistent with APT42's past actions during the 2020 Biden and Trump campaigns.
APT42's actions reflect Iran's interest in US policy
Hultquist suggested that APT42's actions do not indicate a preference for any particular candidate but rather underscore the strategic importance of these individuals to Iran. "They're interested in both candidates because these are the individuals who are charting the future of American policy in the Middle East," he explained. This observation highlights the geopolitical implications of APT42's cyberespionage activities.
APT42 implicated in document leak from Trump campaign
In a significant development, internal Trump campaign documents were not only stolen but also offered to the media. Major news outlets including Politico, The Washington Post, and The New York Times reported being offered the documents by a source calling itself "Robert." While it remains unconfirmed whether APT42 was behind this breach, Microsoft has identified an incident in June in which the group targeted a high-ranking official of a presidential campaign.
Google and Microsoft respond to APT42's cyberattacks
In response to APT42's activities, Google has blocked numerous attempts to access the accounts of officials from both campaigns and issued warnings to those affected. The tech giant is also cooperating with law enforcement agencies investigating these attempted breaches. Similarly, Microsoft has alerted individuals about potential security risks associated with their email accounts.
Google details APT42 hacking group's phishing operations
In its report, Google-owned Mandiant outlined APT42's typical phishing tradecraft, which includes directing victims to a counterfeit Google Meet page that harvests their login credentials. APT42 also draws targets into conversations on messaging platforms such as Telegram, WhatsApp, or Signal, where the attackers deploy phishing tools to capture usernames, passwords, two-factor authentication codes, and account recovery codes. The practical consequence for defenders is that a one-time code or recovery code typed into an attacker-controlled page is worth as much to the attacker as the password itself: SMS and authenticator-app codes can be replayed against the real service while they are still valid, whereas credentials bound to the site's origin, such as FIDO2 security keys or passkeys, cannot be used from a lookalike page.
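The following is an added illustration, not code from the Google/Mandiant report or from APT42's tooling: a stdlib-only simulation of the relay described above, in which a password and a freshly phished TOTP code entered on a fake Meet page are forwarded to the real login, contrasted with an origin-bound (WebAuthn-style) credential whose assertion is rejected because it was signed for the phishing page's origin. The service, the origins, the "staffer" account and all key material are constructed for the example; HMAC stands in for the real asymmetric signature, and the TOTP secret is the RFC 6238 reference secret so the results are deterministic.

```python
# Added example (not from the report): real-time credential relay vs. origin-bound login.
import base64
import hashlib
import hmac
import secrets
import struct

STEP = 30  # TOTP time step in seconds

# RFC 6238 reference secret (ASCII "12345678901234567890"); the demo is deterministic.
RFC_SECRET = b"12345678901234567890"


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and a 30 s step."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return str(code).zfill(digits)


def origin_bound_assertion(cred_key: bytes, challenge: bytes, origin: str) -> bytes:
    """Stand-in for a WebAuthn assertion: the signature covers the challenge AND the
    origin the browser actually observed. HMAC replaces the real asymmetric signature."""
    return hmac.new(cred_key, challenge + origin.encode(), hashlib.sha256).digest()


class Service:
    """The genuine login service (hypothetical origin)."""
    ORIGIN = "https://accounts.example.com"

    def __init__(self):
        self.users = {}

    def enroll(self, username: str, password: str, totp_secret: bytes) -> dict:
        self.users[username] = {
            "password": password,
            "totp_secret": totp_secret,
            "cred_key": secrets.token_bytes(32),  # stand-in for the credential public key
        }
        return self.users[username]

    def login_password_totp(self, username, password, code, now) -> bool:
        u = self.users.get(username)
        if u is None:
            return False
        return (hmac.compare_digest(u["password"].encode(), password.encode())
                and hmac.compare_digest(totp(u["totp_secret"], now), code))

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def login_origin_bound(self, username, challenge, assertion) -> bool:
        u = self.users.get(username)
        if u is None:
            return False
        # The service only accepts assertions computed over ITS origin.
        expected = origin_bound_assertion(u["cred_key"], challenge, self.ORIGIN)
        return hmac.compare_digest(expected, assertion)


class PhishingPage:
    """Counterfeit 'Google Meet' page relaying whatever the victim enters to the real service."""
    ORIGIN = "https://meet-google-com.example.net"  # constructed lookalike, not a real domain

    def __init__(self, target: Service):
        self.target = target

    def relay_password_totp(self, username, password, code, relay_time) -> bool:
        # Attacker forwards the phished password and one-time code to the real login.
        return self.target.login_password_totp(username, password, code, relay_time)

    def relay_origin_bound(self, username, victim_cred_key) -> bool:
        challenge = self.target.new_challenge()  # attacker starts a real login session
        # The victim's authenticator signs for the origin the browser sees: the phishing page.
        assertion = origin_bound_assertion(victim_cred_key, challenge, self.ORIGIN)
        return self.target.login_origin_bound(username, challenge, assertion)


def run_demo(now: int = 59) -> dict:
    svc = Service()
    victim = svc.enroll("staffer", "correct horse battery staple", RFC_SECRET)
    phish = PhishingPage(svc)
    code = totp(RFC_SECRET, now)  # what the victim types into the fake Meet page
    results = {
        # Relayed within the same 30 s window: password + TOTP are accepted.
        "totp_relay_in_window": phish.relay_password_totp("staffer", victim["password"], code, now),
        # The same code relayed much later is rejected; hence the live chat on Telegram/Signal.
        "totp_relay_late": phish.relay_password_totp("staffer", victim["password"], code, 1111111109),
        # Origin-bound credential: the relayed assertion was signed for the wrong origin.
        "origin_bound_relay": phish.relay_origin_bound("staffer", victim["cred_key"]),
    }
    legit_challenge = svc.new_challenge()
    results["origin_bound_legit"] = svc.login_origin_bound(
        "staffer", legit_challenge,
        origin_bound_assertion(victim["cred_key"], legit_challenge, Service.ORIGIN))
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The interesting line is the `relay_origin_bound` path: the attacker can start a genuine login and obtain a real challenge, but the victim's authenticator signs over the origin it actually sees, so the service's recomputation over its own origin never matches. Nothing about the TOTP path is cryptographically weak; it simply has no notion of where the code was typed, which is why the attackers can afford to run the exchange live.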