Google said on Wednesday that an Iranian group linked to Iran’s Revolutionary Guard Corps had been trying since May to hack into the personal email accounts of about a dozen people with ties to Joe Biden, Donald Trump and Kamala Harris.
The company’s threat intelligence division said the group was still actively targeting individuals with ties to Biden, Trump and Harris, who replaced the Democratic nominee after the president withdrew last month, including current and former government officials and those associated with the presidential campaign.
A new report from Google’s Threat Analysis Group confirms and expands on a Microsoft report released Friday that uncovered suspected Iranian cyber intrusions into this year’s U.S. presidential election. The report reveals how foreign adversaries are stepping up their efforts to disrupt the election, which is less than three months away.
Google’s report said its threat researchers had detected and thwarted a “small but consistent cadence” of Iranian actors using email authentication phishing, a type of cyberattack in which attackers pose as trusted senders to trick email recipients into giving up their login information. John Hultquist, a principal analyst in the company’s threat intelligence division, said the company was sending suspected targets of such attacks Gmail pop-ups warning them that government-backed actors might be trying to steal their passwords.
According to the report, Google observed the group accessing the personal Gmail account of a prominent political consultant. Google reported the incident to the FBI in July. Microsoft’s report on Friday shared similar information, noting that the email account of a former senior adviser to a presidential campaign was compromised and used to send phishing emails to senior campaign officials.
The group is well known to Google’s threat intelligence division and other researchers, and this is not the first time it has attempted to interfere in a U.S. election, Hultquist said. The report noted that the same Iranian group targeted both the Biden and Trump campaigns with phishing attacks during the 2020 election as early as June of that year.
The report said the group has also been active in other cyberespionage operations, particularly in the Middle East, including email phishing attacks targeting Israeli diplomats, academics, non-governmental organizations and military-related entities amid rising tensions in the region in recent months due to the war between Israel and Hamas.
The Trump campaign said on Saturday that it had been hacked and that classified internal documents had been stolen and distributed, a move it said was blamed on Iran.
The Washington Post and The New York Times also received internal documents from the Trump campaign, though it is unclear whether the leaked documents are related to the Iranian cyber-activities allegations.
The Trump campaign has not presented any specific evidence linking the hack to Iran, but Trump’s longtime friend and former adviser Roger Stone has said he was contacted by Microsoft about the suspected cyber intrusion, and that Stone’s emails were compromised by hackers targeting the Trump campaign, according to a person familiar with the matter.
Google and Microsoft did not identify who was targeted in the Iranian intrusions or acknowledge whether Stone was among them. Google confirmed that the Iranian group in the report, which it calls APT42, is the same one in the Microsoft investigation, which Microsoft calls Mint Sandstorm.
The Harris campaign declined to say whether it had confirmed any nation-state intrusion attempts, but said it closely monitors cyber threats and is not aware of any systems security breaches.
The FBI confirmed Monday that it is investigating the break-in at the Trump campaign headquarters, and two people familiar with the matter said the bureau is also investigating attempts to gain access to the Biden-Harris campaign.
Reports of the Iranian hacking come as U.S. intelligence officials warn of a persistent and growing effort by both Russia and Iran to influence U.S. elections through online activity. In addition to these hacking incidents, groups linked to the two countries have used fake news sites and social media accounts to churn out content that appears intended to sway voters.
Neither Microsoft nor Google have commented explicitly about Iran’s intentions in the U.S. presidential election, but officials have previously suggested Iran is specifically opposed to President Trump and have also expressed concern about Iranian efforts to retaliate for attacks on an Iranian general in 2020 ordered by Trump.
When asked about the Trump campaign’s claims, Iran’s mission to the United Nations denied any involvement.
“We do not believe any such reports,” the team told The Associated Press. “The Iranian government does not have and has no intent or motivation to interfere in the U.S. presidential elections.”
The mission did not immediately respond to a request for comment Wednesday about Google’s report.
