When Donald Trump's presidential campaign publicly declared last week that it had been successfully attacked by Iranian hackers, the news may have initially seemed like a sign that the Middle Eastern nation was targeting the candidate it believed would take the most aggressive approach to its regime. It has since become clearer that Iran has the Democrats in the crosshairs of its cyber operations as well. Now, Google's cybersecurity analysts have confirmed that not only were both campaigns attacked by Iran, but by the very same group of hackers working for Iran's Revolutionary Guard.
Google's Threat Analysis Group published a new report on Wednesday on APT42, a group it says has aggressively attempted to compromise both the Democratic and Republican presidential campaigns, as well as Israeli military, government, and diplomatic organizations. In May and June, APT42, which is believed to work for Iran's Islamic Revolutionary Guard Corps (IRGC), targeted about a dozen people associated with both Trump and Joe Biden, including current and former government officials and individuals associated with the two political campaigns. According to Google, APT42 continues to target both Republican and Democratic campaign officials.
“In terms of collection, they’re all over the place,” said John Hultquist, who leads threat intelligence at Google-owned cybersecurity firm Mandiant, which works closely with Threat Analysis Group. Hultquist noted that equal-opportunity cyberespionage isn’t a surprise, given that APT42 also targeted the Biden and Trump campaigns in 2020. APT42’s targeting doesn’t necessarily say anything about bias toward one candidate, he said, but rather that both candidates, Trump and now Vice President Kamala Harris, are of enormous importance to the Iranian government. “They’re interested in both candidates because these are the individuals who are going to determine the future of American policy in the Middle East,” Hultquist said.
However, the Iranian hackers appear to have not only succeeded in stealing sensitive files from one campaign, but also leaked them to the press, in an apparent repeat of the Russian hack-and-leak operation of 2016 that was aimed at Hillary Clinton's campaign. Politico, The Washington Post, and The New York Times have all said they were offered documents allegedly from the Trump campaign, in some cases by a source identified as "Robert."
Whether these files were actually stolen by APT42 has not yet been confirmed. Last week, Microsoft reported that APT42, which it tracks as Mint Sandstorm, had targeted a "senior official on a presidential campaign" in June using a hacked email account belonging to another "former senior adviser" to the campaign. Google's new report also notes that APT42 "successfully gained access to the personal Gmail account of a prominent political adviser."
While neither company has confirmed which person or persons were successfully hacked by the Iranian group, Trump adviser Roger Stone has revealed that he was alerted first by Microsoft and then by the FBI that both his Microsoft and Gmail accounts had been compromised by hackers.