An Iranian phishing scheme has targeted around a dozen email accounts linked to U.S. officials and campaign staff for President Joe Biden and former President Donald Trump, according to a threat analysis report released by Google Wednesday.
Google’s Threat Analysis Group (TAG) identified multiple cyberattacks from a group linked to Iran’s Islamic Revolutionary Guard Corps, according to the threat report. Multiple attempts have been prevented by TAG, but the hacker group, referred to as APT42, successfully infiltrated one account belonging to a “high-profile political consultant” and has also been targeting Israeli officials.
“Today, TAG continues to observe unsuccessful attempts from APT42 to compromise the personal accounts of individuals affiliated with President Biden, Vice President Harris and former President Trump, including current and former government officials and individuals associated with the campaigns,” the report stated.
APT42 sent benign social engineering emails in which it masqueraded as journalists and official organizations to gain the recipient’s trust, and it ran multiple spear-phishing campaigns containing links meant to collect sensitive information without the user’s knowledge, Google reported. U.S. and Israeli government officials, campaign staff, diplomats, think tanks and nongovernmental organizations have been consistent targets of the group.
The tech giant said it was experiencing “heightened malicious activity originating from foreign state actors” and that the Iranian group “show[s] no signs of stopping their attempts to target users and deploy novel tactics.”
“This spring and summer, they have shown the ability to run numerous simultaneous phishing campaigns, particularly focused on Israel and the U.S.,” Google stated in the report. “As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from [the hackers].”
On Aug. 9, Microsoft released its own threat intelligence report, which revealed findings similar to Google’s, reporting an “emergence of significant influence activity by Iranian actors” in cyberspace, especially attacks meant to impact U.S. elections. Microsoft reported the infiltration of an account belonging to a former presidential candidate, as well as several websites targeting voters that were meant to increase political tension in the U.S.
The affected parties have been notified of the threat, and Google is working to continuously monitor and tackle threats, according to the report.
Google did not immediately respond to a request for comment from the Daily Caller News Foundation.