Google has issued a warning about Iranian cybercriminals targeting the US presidential election.
After earlier research by Microsoft revealed similar threats, Google has now intelligence report revealing that a threat actor known as APT42 has attacked a number of organizations related to the US presidential election.
The report found that 60% of APT42’s attacks in the past six months targeted Israel and the US, including phishing attacks and social engineering to compromise Gmail accounts of public figures.
APT42 targets US elections
APT42 has connections to the Islamic Revolutionary Guard Corps (IRGC) and has launched a number of social engineering campaigns using fake pages masquerading as the Jewish Agency for Israel and calling for a ceasefire. APT42 has also targeted a number of military, defense, diplomatic, academic, and civilian targets with credential theft phishing campaigns.
In the US, however, APT42 attacked both the Trump and Biden campaigns with phishing attacks targeting the personal email accounts of many former US government and campaign officials. Several of these attacks were successful, including one against a prominent political advisor.
These phishing campaigns are still ongoing, with Google reporting that failed attacks are still occurring against individuals related to President Biden, Vice President Kamala Harris and former President Donald Trump.
APT42 has been observed using tactics such as identifying accounts that use device prompts for two-factor authentication, and then using spoofed login or account recovery attempts that appear in the same geographic location, along with their credentials, to appear as an authentic second-factor prompt.
Google encourages high-risk individuals, such as elected officials, candidates, campaign workers, journalists, election workers, and government officials, to enroll in Google’s Advanced Security Program, which provides additional protection against phishing and unauthorized access at no additional cost.