Google says single Iranian hacker group targeted both presidential campaigns
When Donald Trump’s presidential campaign publicly announced last week that it had been successfully hacked by Iranian hackers, the news initially seemed like a sign that the Middle Eastern nation was specifically targeting the candidate it saw as taking the toughest approach to its regime. Since then, it has become clearer that Iran has Democrats in the crosshairs of cyber operationsNow, Google cybersecurity analysts have confirmed that both campaigns were not only targeted at Iran, but were also targeted by the same group of hackers working for the Iranian Revolutionary Guard Corps.
Google’s threat analysis team announced on Wednesday new report on APT42, a group it says has actively sought to compromise both Democratic and Republican presidential campaigns, as well as Israeli military, government, and diplomatic organizations. In May and June, APT42, which is believed to work for Iran’s Islamic Revolutionary Guard Corps (IRGC), targeted about a dozen people associated with both Trump and Joe Biden, including current and former government officials and individuals associated with both political campaigns. According to Google, APT42 continues to target Republican and Democratic campaign officials.
“In terms of collection, they’re attacking all sides,” said John Hultquist, head of threat intelligence at Google-owned cybersecurity firm Mandiant, which works closely with the company’s Threat Analysis Group. Hultquist noted that the equal-opportunity cyber espionage is not unexpected, given that APT42 also targeted both the Biden and Trump campaigns in 2020. He said APT42’s targeting doesn’t necessarily speak to their preference for a single candidate, but rather the fact that both candidates, Trump and now-Vice President Kamala Harris, are of great importance to the Iranian government. “They’re interested in both candidates because these are individuals who are shaping the future of U.S. policy in the Middle East,” Hultquist said.
However, only one campaign appears to have had sensitive files not only successfully compromised by Iranian hackers but also leaked to the press, in a clear repeat of Russia’s 2016 Hack and Leak Campaign targeting Hillary Clinton’s campaign. Politico, The Washington Post and The New York Times all said they were provided documents allegedly taken from the Trump campaign, in some cases from a source known only as “Robert.”
Whether those files were actually compromised by APT42 remains unconfirmed. Microsoft noted Last week, APT42, known as Mint Sandstorm, targeted a “senior presidential campaign official” in June by exploiting the hacked email account of another “senior adviser” to the campaign. In its new report, Google also noted that APT42 “successfully gained access to the personal Gmail account of a senior political adviser.”
While no company has provided any confirmation of which individual or individuals may have been successfully attacked by the Iranian group, Trump’s adviser Roger Stone revealed that he was warned by Microsoft and then the FBI that both his Microsoft and Gmail accounts had been hacked.
