Chinese and Iranian hackers have recently attempted to break into the presidential campaigns of Joseph Biden and President Donald Trump, using email phishing to potentially get a foot in the door.
Google’s Threat Analysis Group (TAG) said that Advanced Persistent Threat (APT) attackers from both online adversaries have sent bogus emails to staffers of Biden’s and Trump’s campaigns. Malicious phishers typically look to trick unwitting victims into revealing passwords and other credentials.
“Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing,” Shane Huntley, a member of Google’s TAG, posted on Twitter. “No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement.”
It’s not clear when Chinese and Iranian cyber crews began attempts to penetrate both presidential campaigns. “We are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff,” a Biden spokesperson told The Hill. “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them.” The spokesperson said that Biden’s campaign will “remain vigilant” against cyber threats.
A spokesperson for the Trump campaign told The Hill that they had been apprised of the incidents. “The Trump campaign has been briefed that foreign actors unsuccessfully attempted to breach the technology of our staff,” the spokesperson said. “We are vigilant about cybersecurity and do not discuss any of our precautions.”
The phishing emails attributed to China and Iran targeting the current presidential campaigns may be only the latest in a series of such attempts. Last October, a hacking group linked to the Iranian government reportedly made unsuccessful attempts to break into Trump’s 2020 re-election campaign infrastructure. The Trump attack was part of a 30-day volley of cyber strikes on hundreds of email accounts belonging to Microsoft customers, launched by a cyber crew known as Phosphorus. The hackers made about 2,700 forays aimed at Microsoft customers’ email accounts this past August and September, ultimately zeroing in on 241 of those accounts, Microsoft said.
While China, Iran, North Korea and Russia are considered the primary U.S. cyber adversaries -- lately serving up an increasing number of attacks tied to the coronavirus (COVID-19) outbreak -- there are others. Only days ago, Google TAG researchers warned in a blog post of an uptick in new activity from several India-based cyber phishers. India government-backed “hack-for-hire” crews are capitalizing on COVID-19 by using bogus Gmail accounts to trick business leaders in key industries into handing over their Google account credentials, the company’s security outfit said.
In a mid-May advisory, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) accused China of conducting an espionage campaign to steal intellectual property from U.S. researchers involved in COVID-19 vaccine development. And a recent advisory issued by the U.S. Departments of State, Treasury and DHS through the Cybersecurity and Infrastructure Security Agency warned that North Korea possesses the cyber capability to disrupt the nation’s critical infrastructure and the international financial system. In the highest-profile political attack to date, two years ago U.S. intelligence detailed successful Russian cyber activities that influenced the 2016 presidential election.