An Iranian-linked hacking group targeted the personal emails of about a dozen people connected to the campaign of former President Donald Trump and the reelection bid – later scuttled – of US President Joe Biden, including US officials, said Google’s Threat Analysis Group on Wednesday.
In May and June, APT42, a hacking group linked to Iran’s Islamic Revolutionary Guard Corps, consistently targeted the personal email accounts of around a dozen people, including “high-profile users in Israel and the U.S., current and former government officials, political campaigns, diplomats, individuals who work at think tanks, as well as NGOs and academic institutions that contribute to foreign policy conversations,” said the group.
Numerous login attempts by APT42 were also blocked, it added.
“Recent public reporting shows that APT42 has successfully breached accounts across multiple email providers,” the group said.
It stressed that, besides promptly securing compromised accounts and issuing warnings to targets, Google reported this “malicious activity” to law enforcement in early July and that cooperation with them is ongoing.
The company also informed US campaign officials about the “heightened malicious activity originating from foreign state actors and underscored the importance of enhanced account security protections on personal email accounts,” it said.
Israeli officials were also targeted by APT42, which used social engineering tactics to impersonate a journalist seeking comments on air strikes, the report said.
“They also sent social engineering emails to Israeli diplomats, academics, NGOs, and political entities. The emails were sent from accounts hosted by a variety of email service providers and did not contain malicious content,” according to Google.
Earlier this week, the FBI announced that it is investigating a reported hack of the Trump campaign after Trump claimed Iranian involvement. While the FBI has not confirmed details, it acknowledged a “campaign cyber intrusion.”
The probe follows the Trump campaign’s report of a document breach, with a Microsoft report noting an Iranian phishing attempt on a campaign official. Iran denies any involvement.
Biden ended his reelection effort last month, handing the reins to his aspiring successor, Vice President Kamala Harris.