Google confirms an Iranian group is trying to access emails linked to both US presidential campaigns

NEW YORK (AP) — Google said Wednesday that an Iranian group linked to the country’s Revolutionary Guard has tried to infiltrate the personal email accounts of roughly a dozen people linked to President Joe Biden and former President Donald Trump since May.

The tech company’s threat intelligence arm said the group is still actively targeting people associated with Biden, Trump and Vice President Kamala Harris, who replaced Biden as the Democratic candidate last month when he dropped out. It said those targeted have included current and former government officials, as well as presidential campaign affiliates.

The new report from Google’s Threat Analysis Group affirms and expands on a Microsoft report released Friday that revealed suspected Iranian cyber intrusion in this year’s U.S. presidential election. It sheds light on how foreign adversaries are ramping up their efforts to disrupt the election that is now less than three months away.

Google’s report said its threat researchers detected and disrupted a “small but steady cadence” of the Iranian attackers using email credential phishing, a type of cyberattack where the attacker poses as a trusted sender to try to get an email recipient to share their login details. John Hultquist, chief analyst for the company’s threat intelligence arm, said the company sends suspected targets of these attacks a Gmail popup that warns them that a government-backed attacker might be trying to steal their password.

The report said Google observed the group gaining access to one high-profile political consultant’s personal Gmail account. Google reported the incident to the FBI in July. Microsoft’s Friday report had shared similar information, noting that the email account of a former senior adviser to a presidential campaign had been compromised and weaponized to send a phishing email to a high-ranking campaign official.

What to know about the 2024 Election

  • Democracy: American democracy has overcome big stress tests since the 2020 election. More challenges lie ahead in 2024.
  • AP’s Role: The Associated Press is the most trusted source of information on election night, with a history of accuracy dating to 1848. Learn more.
  • Read the latest: Follow AP’s complete coverage of this year’s election.

The group is familiar to Google’s threat intelligence arm and other researchers, and this isn’t the first time it has tried to interfere in U.S. elections, Hultquist said. The report noted that the same Iranian group targeted both the Biden and Trump campaigns with phishing attacks during the 2020 cycle, as early as June of that year.

The group also has been prolific in other cyber espionage activity, particularly in the Middle East, the report said. In recent months, as the Israel-Hamas War has aggravated tensions in the region, that activity has included email phishing campaigns targeted at Israeli diplomats, academics, non-governmental organizations and military affiliates.

Trump’s campaign said Saturday that it had been hacked and that sensitive internal documents were stolen and distributed. It declared that Iranian actors were to blame.

The same day, Politico revealed it had received leaked internal Trump campaign documents by email, though it wasn’t clear whether the leaked documents were related to the suspected Iranian cyber activity. The Washington Post and The New York Times also received the documents.

While the Trump campaign hasn’t provided specific evidence linking Iran to the hack, both Trump and his longtime friend and former adviser Roger Stone have said they were contacted by Microsoft related to suspected cyber intrusions. Stone’s email was compromised by hackers targeting Trump’s campaign, a person familiar with the matter said.

Google and Microsoft wouldn’t identify the people targeted in the Iranian intrusion attempts or confirm that Stone was among them. Google did confirm that the Iranian group in its report, which it calls APT42, is the same as the one in Microsoft’s research. Microsoft refers to the group as Mint Sandstorm.

Harris’ campaign has declined to say whether it has identified any state-based intrusion attempts, but has said it vigilantly monitors cyber threats and isn’t aware of any security breaches of its systems.

The FBI on Monday confirmed that it’s investigating the intrusion of the Trump campaign. Two people familiar with the matter said the FBI also is investigating attempts to gain access to the Biden-Harris campaign.

The reports of Iranian hacking come as U.S. intelligence officials have warned of persistent and mounting efforts from both Russia and Iran to influence the U.S. election through their online activity. Beyond these hacking incidents, groups linked to the countries have used fake news websites and social media accounts to churn out content that appears intended to sway voters’ opinions.

While neither Microsoft nor Google specified Iran’s intentions in the U.S. presidential race, U.S. officials have previously hinted that Iran particularly opposes Trump. U.S. officials also have expressed alarm about Tehran’s efforts to seek retaliation for a 2020 strike on an Iranian general that was ordered by Trump.

Iran’s mission to the United Nations, when asked about the claim of the Trump campaign, denied being involved.

“We do not accord any credence to such reports,” the mission told The Associated Press. “The Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election.”

The mission did not immediately respond to a request for comment Wednesday about Google’s report.

___

Associated Press writer Michael Weissenstein contributed to this report.

___

The Associated Press receives support from several private foundations to enhance its explanatory coverage of elections and democracy. See more about AP’s democracy initiative here. The AP is solely responsible for all content.