What we know about suspected Iranian cyber intrusion in the US presidential race

Image

Republican presidential nominee former President Donald Trump arrives to speak at a campaign rally in Bozeman, Mont., Friday, Aug. 9, 2024. (AP Photo/Rick Bowmer)

NEW YORK (AP) — Details emerged over the weekend of a suspected Iranian cyber intrusion into the campaign of Republican presidential nominee Donald Trump, potentially resulting in the theft of internal campaign documents.

The FBI is investigating the matter as well as attempts to infiltrate President Joe Biden’s reelection campaign, which became Vice President Kamala Harris’ campaign after Biden dropped out of the race.

Here’s what we know:

What happened?

Trump’s presidential campaign said Saturday that it had been hacked and that sensitive internal documents were stolen and distributed. It declared that Iranian actors were to blame.

The same day, Politico revealed it had received leaked internal Trump campaign documents by email, from a person only identified as “Robert.” The outlet said the documents included vetting materials on Republican vice presidential nominee JD Vance and Sen. Marco Rubio, who also was considered as a potential vice president.

Two other news outlets, The New York Times and The Washington Post, also said they received leaked materials. None of them revealed details about what they had, instead describing the documents in broad terms.

It’s still unclear whether the materials the news outlets received were related to Trump’s alleged campaign hack. Trump campaign spokesman Steven Cheung indicated they were connected, saying the documents “were obtained illegally” and warning that “any media or news outlet reprinting documents or internal communications are doing the bidding of America’s enemies and doing exactly what they want.”

The FBI on Monday confirmed that it’s investigating the intrusion of the Trump campaign. Two people familiar with the matter said the FBI also is investigating attempts to gain access to the Biden-Harris campaign.

Why is Trump blaming Iran?

Trump’s campaign didn’t provide specific evidence showing Iran was behind the hack. But it pointed to a Microsoft report released Friday that detailed an Iranian attempt to infiltrate a presidential campaign in June.

Microsoft’s report said an Iranian military intelligence unit had sent “a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.” Spear-phishing is a form of cyberattack in which an attacker poses as a known or trusted sender, often to install malware or gather sensitive information.

The tech company wouldn’t disclose which campaign or adviser was targeted, but said it had notified them. Since then, both Trump and a longtime friend and adviser of the former president, Roger Stone, have said they were contacted by Microsoft related to suspected cyber intrusions.

“We were just informed by Microsoft Corporation that one of our many websites was hacked by the Iranian Government - Never a nice thing to do!” Trump wrote on his Truth Social platform on Saturday.

Grant Smith, an attorney for Stone, said his client “was contacted by Microsoft and the FBI regarding this matter and continues to cooperate with these organizations.” He declined further comment.

What does the government say?

U.S. State Department officials declined to speculate on allegations that Iran was behind the hack, but a spokesperson said it would be in keeping with Tehran’s past use of cyberattacks and deception.

“These latest attempts to interfere in U.S. elections are nothing new for the Iranian regime,” spokesperson Vedant Patel said on Monday.

U.S. intelligence officials declined to comment on the incident and referred questions to the FBI, which has said only that it’s investigating.

Iran’s mission to the United Nations, when asked about the claim of the Trump campaign, denied being involved.

“We do not accord any credence to such reports,” the mission told The Associated Press. “The Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election.”

However, Iran long has been suspected of running hacking campaigns targeting its enemies in the Middle East and beyond. Tehran also has threatened to retaliate against Trump over the 2020 drone strike he ordered that killed prominent Revolutionary Guard Gen. Qassem Soleimani.

Was Harris targeted too?

Harris’ campaign has declined to say whether it has identified any state-based intrusion attempts, only saying it vigilantly monitors cyber threats and wasn’t aware of any security breaches of its systems.

But two people familiar with the matter said the Biden-Harris campaign also was targeted in the suspected Iranian cyber intrusion. The people spoke on the condition of anonymity because they were not authorized to discuss the details of the investigation.

At least three staffers in the Biden-Harris campaign were targeted with phishing emails, but investigators have uncovered no evidence the attempt was successful, one of the people said. The attempts came before Biden dropped out of the race.

The FBI began investigating that cyber incident in June, and intelligence officials believe Iran was behind the attempts, that person said.

Where have I heard this before?

A suspected foreign hack-and-leak of campaign materials might sound familiar because it’s happened before — notably in 2016.

That year, a Russian hack exposed emails to and from Hillary Clinton’s campaign manager, John Podesta. The website Wikileaks published a trove of the messages, which were reported on extensively by news outlets.

Senate Majority Leader Chuck Schumer on Tuesday noted the repeated use of the tactic against the U.S. and said it shows foreign adversaries are “intent on sowing chaos and undermining our democratic process.”

“So we have to stand firm to ensure our cybersecurity can withstand such intrusions as we head into November,” he said in a statement.

Experts say that the recent apparent hack of the Trump campaign is not likely to be the last such attempt to influence the U.S. election, either through cyberattacks or online disinformation. Both Iran and Russia, for example, have begun targeting Americans with fake news websites and other social media content that appears intended to sway voters, Microsoft and U.S. intelligence officials have said.

The nation’s former top election security official, Chris Krebs, warned on the social platform X that Americans should take this threat seriously.

“You might not like the victim here, but the adversary gives zero Fs who you like or don’t like,” he said of the Trump campaign hack. “American voters decide American elections. Let’s keep it that way.”

___

Associated Press writers Alanna Durkin Richer, David Klepper and Zeke Miller in Washington contributed to this report.

___

The Associated Press receives support from several private foundations to enhance its explanatory coverage of elections and democracy. See more about AP’s democracy initiative here. The AP is solely responsible for all content.