Google said Wednesday that an Iranian group linked to the country's Revolutionary Guard has attempted to hack into the personal email accounts of about a dozen people linked to Joe Biden, Donald Trump and Kamala Harris since May.
The tech firm's threat intelligence division said the group was still actively targeting people associated with Biden, Trump and Harris, who replaced the US president as the Democratic nominee last month when he dropped out. It said targets included current and former government officials as well as affiliates of the presidential campaign.
The new report from Google’s Threat Analysis Group confirms and expands on a Microsoft report released Friday that revealed an alleged Iranian cyber intrusion into this year’s U.S. presidential election. It sheds light on how foreign adversaries are stepping up their efforts to disrupt the election, which will be held in less than three months.
Google’s report notes that its threat researchers detected and disrupted a “small but consistent cadence” of Iranian attackers using email credential phishing, a type of cyberattack in which the attacker poses as a trusted sender to try to get an email recipient to share their login details. John Hultquist, a senior analyst in the company’s threat intelligence division, said the company sends suspected targets of these attacks a Gmail pop-up warning them that a government-backed attacker might be trying to steal their password.
The report said Google had observed that the group had gained access to the personal Gmail account of a high-profile political consultant. Google reported the incident to the FBI in July. Microsoft’s report on Friday shared similar information, noting that the email account of a former senior adviser to a presidential campaign had been compromised and used as a weapon to send a phishing email to a high-ranking campaign official.
The group is known to Google’s threat intelligence division and other researchers, and this is not the first time it has tried to interfere in U.S. elections, Hultquist said. The report noted that the same Iranian group targeted the Biden and Trump campaigns with phishing attacks during the 2020 election cycle, as early as June of that year.
The group has also been prolific in other cyber espionage activities, particularly in the Middle East, the report said. In recent months, as the war between Israel and Hamas has heightened tensions in the region, that activity has included email phishing campaigns targeting Israeli diplomats, academics, non-governmental organizations and military affiliates.
Trump's campaign said Saturday it had been the victim of a cyber attack and that confidential internal documents had been stolen and distributed. It said Iranian agents were responsible.
That same day, Politico revealed that it had received leaked internal Trump campaign documents via email, though it was unclear whether the leaked documents were related to alleged Iranian cyber activity. The Washington Post and the New York Times also received the documents.
While the Trump campaign has not provided specific evidence linking Iran to the attack, both Trump and his longtime friend and former adviser Roger Stone have said Microsoft contacted them about alleged cyber intrusions. Stone’s email was compromised by hackers targeting the Trump campaign, a person familiar with the matter said.
Google and Microsoft did not identify the individuals targeted by the Iranian intrusion attempts or confirm that Stone was among them. Google confirmed that the Iranian group mentioned in its report, which it calls APT42, was the same one named in Microsoft’s investigation. Microsoft refers to the group as Mint Sandstorm.
Harris’ campaign has declined to say whether it has identified any attempted intrusions by the state, but has said it closely monitors cyber threats and is not aware of any security breaches of its systems.
The FBI confirmed Monday that it was investigating the intrusion into the Trump campaign. Two people familiar with the matter said the FBI was also investigating attempts to access the Biden-Harris campaign.
The reports of the Iranian hacking come at a time when U.S. intelligence officials have warned of persistent and increasing efforts by Russia and Iran to influence U.S. elections through online activity. Beyond these hacking incidents, groups linked to the countries have used fake news websites and social media accounts to produce content that appears intended to influence voter opinions.
While neither Microsoft nor Google specified Iran’s intentions in the U.S. presidential race, officials have previously hinted that Iran is particularly opposed to Trump. They have also expressed alarm over Tehran’s efforts to seek retaliation for a 2020 attack on an Iranian general that was ordered by Trump.
Iran's mission to the United Nations, when asked about the Trump campaign's claim, denied involvement.
“We do not believe these reports,” the mission told the Associated Press. “The Iranian government has no intention or motive to interfere in the U.S. presidential election.”
The mission did not immediately respond to a request for comment Wednesday on the Google report.
