Google Confirms Iran-Backed Hacking Group Targeted Emails Linked to Biden, Trump Campaigns

A hacking group allegedly backed by the Iranian regime has recently targeted individuals associated with the campaigns of President Joe Biden and former President Donald Trump, tech giant Google has confirmed.
The group consistently targets “high-profile individuals in Israel and the United States,” Google said.
Those targets include current and former government officials, political campaigns, diplomats, individuals who work at think tanks, nongovernmental organizations (NGOs), and “academic institutions that contribute to foreign policy conversations,” according to the tech giant.
Google’s Threat Analysis Group (TAG) noted it has detected and disrupted a “small but steady cadence” of APT42’s credential phishing activity during the current U.S. presidential election cycle.
Those phishing attacks, which took place in May, targeted the personal email accounts of roughly a dozen people affiliated with Biden and Trump, as well as people associated with their campaigns, according to the blog post.
Google’s TAG said it has blocked “numerous” attempts by APT42 to log in to the personal email accounts of the targeted individuals and also warned the people who were targeted.
It didn’t identify the consultant, but said it reported the incident to the FBI in July and continues to cooperate with the agency.
TAG also noted that it continues to observe “unsuccessful attempts” from APT42 to compromise the personal accounts of individuals affiliated with Democrat presidential nominee Vice President Kamala Harris.
The cyberespionage group, whose operations date to at least 2015, usually conducts surveillance operations and collects information against people and organizations of “strategic interest” to the Iranian regime, Mandiant said.
In its latest blog post, Google said the group “heavily targeted” users in Israel and the United States between February and late July.
“In the past six months, the U.S. and Israel accounted for roughly 60 percent of APT42’s known geographic targeting, including the likes of former senior Israeli military officials and individuals affiliated with both U.S. presidential campaigns,” the tech giant said.
“These activities demonstrate the group’s aggressive, multi-pronged effort to quickly alter its operational focus in support of Iran’s political and military priorities.”
The hacking group uses various tactics in its email phishing campaigns against victims, including hosting malware, phishing pages, and malicious redirects, Google said.
The group also usually abuses services such as Google Drive, Gmail, Dropbox, OneDrive, and others for these purposes, it said.
The blog post from Google expands on a recent Microsoft report that revealed suspected Iranian cyber intrusion in this year’s U.S. presidential election.
Trump blamed “foreign sources hostile to the United States” for the hacking attack.
