Google confirms an Iranian group is trying to access emails linked to both US presidential campaigns
NEW YORK — Google said Wednesday that an Iranian group linked to the country’s Revolutionary Guards has attempted to infiltrate the personal email accounts of about a dozen people connected to President Joe Biden and former President Donald Trump since May.
The tech company’s threat intelligence unit said the group is still actively targeting people associated with Biden, Trump and Vice President Kamala Harris, who replaced Biden as the Democratic nominee last month when he withdrew. It said the targets included current and former government officials, as well as campaign associates of the president.
The new report from Google’s Threat Analysis Group confirms and expands on a Microsoft report released Friday that revealed suspected Iranian cyber intrusion into this year’s U.S. presidential election. It sheds light on how foreign adversaries are increasing their efforts to disrupt the election, which is now less than three months away.
According to Google’s report, threat researchers detected and disrupted a “small but consistent cadence” of Iranian attackers using email credential phishing, a type of cyberattack in which the attacker poses as a trusted sender to try to trick an email recipient into sharing their login credentials. John Hultquist, a principal analyst for the company’s threat intelligence unit, said the company sends suspected targets of these attacks a Gmail pop-up warning them that a state-backed attacker may be trying to steal their password.
The report said Google saw the group gain access to the personal Gmail account of a prominent political adviser. Google reported the incident to the FBI in July. Microsoft’s report on Friday had shared similar information, noting that the email account of a former senior adviser to a presidential campaign had been compromised and weaponized to send a phishing email to a high-ranking campaign official.
The group is known to Google’s threat intelligence department and other researchers, and this isn’t the first time it has tried to meddle in U.S. elections, Hultquist said. The report noted that the same Iranian group targeted both the Biden and Trump campaigns with phishing attacks during the 2020 cycle, as early as June of that year.
The group has also been prolific in other cyberespionage activities, particularly in the Middle East, the report said. In recent months, as the war between Israel and Hamas has exacerbated tensions in the region, that activity has included email phishing campaigns targeting Israeli diplomats, academics, nongovernmental organizations and military partners.
Trump’s campaign said Saturday that it was hacked and that sensitive internal documents were stolen and distributed. It blamed Iranian actors.
That same day, Politico announced that it had received leaked internal Trump campaign documents via email, although it was not clear whether the leaked documents were related to suspected Iranian cyber activity. The Washington Post and The New York Times also received the documents.
While the Trump campaign has not provided specific evidence linking Iran to the hack, both Trump and his longtime friend and former adviser Roger Stone have said they were approached by Microsoft about suspected cyber intrusions. Stone’s email was compromised by hackers targeting the Trump campaign, a person familiar with the matter said.
Google and Microsoft would not identify the individuals targeted in the Iranian hacking attempts or confirm whether Stone was among them. Google did confirm that the Iranian group in its report, which it calls APT42, is the same one in Microsoft’s investigation. Microsoft calls the group Mint Sandstorm.
Harris’ campaign team would not say whether any state-sponsored intrusion attempts have been identified, but said it is closely monitoring cyber threats and is not aware of any security breaches of its systems.
The FBI confirmed Monday that it is investigating the Trump campaign breach. Two people familiar with the matter said the FBI is also investigating attempts to gain access to the Biden-Harris campaign.
The reports of Iranian hacking come as U.S. intelligence agencies have warned of ongoing and increasing efforts by both Russia and Iran to influence the U.S. election through their online activities. In addition to these hacking incidents, groups with ties to the countries have used fake news websites and social media accounts to spread content that appears designed to influence voter opinion.
While neither Microsoft nor Google has specified Iran’s intentions in the U.S. presidential race, U.S. officials have previously suggested that Iran specifically opposes Trump. U.S. officials have also expressed concern about Tehran’s efforts to retaliate for an attack on an Iranian general in 2020 that was ordered by Trump.
When asked about the Trump campaign’s claims, Iran’s mission to the United Nations denied any involvement.
“We do not give any credence to such reports,” the mission told The Associated Press. “The Iranian government has no intention or motive to interfere in the U.S. presidential election.”
The mission did not immediately respond to a request for comment on Google’s report on Wednesday.
___
Associated Press editor Michael Weissenstein contributed to this report.
___
The Associated Press receives support from several private foundations to enhance its explanatory reporting on elections and democracy. See more about AP’s Democracy Initiative here. The AP is solely responsible for all content.