Google Confirms Iranian Hackers Behind US Presidential Hacks

Alphabet’s Google has warned that Iranian hackers have tried to infiltrate the personal email accounts of roughly a dozen people linked to President Joe Biden and former President Donald Trump.

The warning came on Wednesday from Google’s Threat Analysis Group. It follows a similar warning last week from Microsoft Threat Intelligence about numerous Iranian cyber intrusions in this year’s US presidential election, which included a hack of Republican presidential nominee Donald Trump.

The FBI is already investigating that breach, but Iran denied involvement.

The Microsoft advisory last Friday said an Iranian group linked to the Islamic Revolutionary Guard Corps had sent a spear-phishing email in June to a “high-ranking official” on a presidential campaign from the compromised email account of a former senior advisor.

Google warning

Days later, Google’s Threat Analysis Group has issued a similar warning, identifying APT42, an Iranian government-backed threat actor.

Google confirmed the hackers were the same as those Microsoft had identified, although Redmond refers to the group as Mint Sandstorm.

Google said that since May APT42 has carried out targeted phishing campaigns against Israel and Israeli targets. It also confirmed “recent reports around APT42’s targeting of accounts associated with the US presidential election.”

“Associated with Iran’s Islamic Revolutionary Guard Corps (IRGC), APT42 consistently targets high-profile users in Israel and the US, including current and former government officials, political campaigns, diplomats, individuals who work at think tanks, as well as NGOs and academic institutions that contribute to foreign policy conversations,” stated Google.

“In the past six months, the US and Israel accounted for roughly 60 percent of APT42’s known geographic targeting, including the likes of former senior Israeli military officials and individuals affiliated with both US presidential campaigns,” it stated. “These activities demonstrate the group’s aggressive, multi-pronged effort to quickly alter its operational focus in support of Iran’s political and military priorities.”

In April APT42 apparently intensified their targeting of users based in Israel. They sought out people with connections to the Israeli military and defense sector, as well as diplomats, academics, and NGOs.

Google said it had taken down “multiple APT42-created Google Sites pages that masqueraded as a petition from the legitimate Jewish Agency for Israel calling on the Israeli government to enter into mediation to end the conflict.”

Active hackers

Google confirmed APT42 is still actively targeting people associated with Biden, Trump and Vice President Kamala Harris, who replaced Biden as the Democratic candidate last month.

Other targets include current and former government officials, as well as presidential campaign affiliates.

“As we outlined above, APT42 is a sophisticated, persistent threat actor and they show no signs of stopping their attempts to target users and deploy novel tactics,” said Google. “This spring and summer, they have shown the ability to run numerous simultaneous phishing campaigns, particularly focused on Israel and the US. As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from APT42.”

“We also remain vigilant for targeting around the US election and encourage all high-risk individuals including elected officials, candidates, campaign workers, journalists, election workers, government officials, and others to sign up for Google’s Advanced Protection Program,” it concluded.

Both Russia and Iran continue to find themselves isolated internationally, because of their hostile domestic and foreign activities.

Tom Jowitt
