When Donald Trump’s presidential campaign publicly said last week that it had been attacked by Iranian hackers, the news may have initially seemed like a sign that the Middle Eastern country was paying particular attention to the candidate seen as taking the toughest stance against the Iranian regime. Since then, it has become clearer that Iran was also targeting the Democratic Party with cyberattacks. Now, Google cybersecurity analysts have confirmed that both campaigns were attacked not just by Iran, but by the same group of hackers working for Iran’s Revolutionary Guard Corps.
Google’s Threat Analysis Group published a new report on APT42 on Wednesday, saying the group is actively attempting to infiltrate the Democratic and Republican presidential campaigns, as well as Israeli military, government and diplomatic institutions. APT42, which is believed to be operating on behalf of the Iranian Revolutionary Guard Corps (IRGC), targeted approximately a dozen individuals associated with the Trump and Joe Biden campaigns in May and June, including current and former government officials. Google said APT42 continues to target Republican and Democratic campaign officials alike.
“They’re hitting all fronts in terms of intelligence gathering,” said John Hultquist, head of threat intelligence at Google-owned cybersecurity company Mandiant, who works closely with the company’s threat analysis group. Hultquist noted that the equal-opportunity cyberespionage is not surprising, given that APT42 targeted both the Biden and Trump campaigns in 2020. He said APT42’s targeting isn’t necessarily in support of a particular candidate, but rather is driven by the fact that both Trump and current Vice President Kamala Harris are extremely important to the Iranian government. “They’re interested in both candidates because they’re the ones who will shape the future of U.S. policy in the Middle East,” Hultquist said.
But it appears that only one campaign had its classified documents not only compromised by Iranian hackers, but also leaked to the press, in an apparent repeat of Russia’s 2016 hacking and leaking operation against Hillary Clinton’s campaign. Politico, The Washington Post and The New York Times have all said they received documents allegedly from the Trump campaign, including from a source known as “Robert.”
It remains unconfirmed whether these files were in fact compromised by APT42. Microsoft noted last week that APT42, which it calls Mint Sandstorm, targeted a “senior official in the presidential campaign” in June, exploiting the hacked email account of another “former senior adviser” to the campaign. Google also said in a new report that APT42 “successfully gained access to the personal Gmail account of a prominent political consultant.”
Neither company has confirmed any information about which individuals may have been hacked by the Iranian group, but Trump adviser Roger Stone said he was alerted by Microsoft and then the FBI that his Microsoft and Gmail accounts had been compromised by hackers.