Google confirmed on Tuesday that hackers supported by Iran are targeting the campaigns of US presidential candidates Kamala Harris and Donald Trump. A group known as APT42, associated with Iran's Islamic Revolutionary Guard Corps, has been targeting high-profile individuals and organizations in Israel and the United States, including government officials and political campaigns, according to a threat report from Google.
The campaign of Democratic presidential candidate Kamala Harris acknowledged being targeted by foreign hackers, following similar claims from Donald Trump's campaign. A Harris campaign official informed AFP that in July, the FBI notified them of a foreign actor influence operation. Despite this, the campaign claims to have robust cybersecurity measures in place and is unaware of any breaches resulting from these efforts.
Google's Threat Analysis Group reports ongoing unsuccessful attempts by APT42 to compromise personal accounts of individuals affiliated with President Joe Biden, Vice President Harris, and Trump. The group typically gathers information about targets and customizes phishing efforts to deceive victims into revealing login information for accounts like Gmail. The report details tactics such as impersonating think tanks or credible contacts to lure victims to fake video meeting pages requiring login credentials.
Despite the prevalence of technical tools in hacking, some hackers prefer social engineering tactics that trick individuals into clicking on malicious links or logging into realistic fake web pages. Google disrupted APT42's attempts to hack the campaigns of Biden and Trump in 2020. This year, the group targeted personal email accounts of about a dozen people affiliated with Biden or Trump, with Google blocking numerous login attempts by APT42.
Google also reported that APT42 gained access to the personal Gmail account of a prominent political consultant. Described as a sophisticated and persistent threat actor, APT42 shows no signs of halting its attempts to target users and deploy new tactics. This spring and summer, the group demonstrated the ability to run multiple simultaneous phishing campaigns, particularly focused on Israel and the United States.
Google advises high-risk individuals associated with the upcoming election to remain vigilant and utilize enhanced defenses provided by the internet firm. Following the Trump campaign's announcement of being hacked, the US State Department warned Iran of consequences for election interference. The Trump campaign accused Iran of being behind the breach, which led to private documents being sent to reporters, including campaign research used to vet running mate J.D. Vance. The campaign cautioned media outlets against republishing the documents, stating such actions would be aiding America's enemies.
This situation contrasts with 2016, when Trump expressed hope that Russia would find Hillary Clinton's emails, remarks seen as encouraging further hacks. US intelligence concluded that Russia intervened in the 2016 election to support Trump, a claim he has denied.