Google’s Threat Analysis Group said Wednesday it stopped Iran-sponsored efforts to hack into the campaigns of former President Trump and President Biden.
The new revelation of Tehran’s attempted hacks comes amid word of a larger cyber onslaught from Iran aiming to denigrate Mr. Trump, the Republican candidate for president.
TAG, a Google unit focused on combating government-backed hackers, said it detected and disrupted a “small but steady cadence” of “phishing” attempts from the Iranian APT42 hacking group to gain access to the email accounts of senior campaign officials on both sides.
“In May and June, APT42 targets included the personal email accounts of roughly a dozen individuals affiliated with President Biden and with former President Trump, including current and former officials in the U.S. government and individuals associated with the respective campaigns,” TAG said on its blog. “We blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals.”
APT42 refers to Iranian-sponsored cyberattackers that the giant search company said are associated with the Islamic Revolutionary Guard Corps, the Iranian force that consistently targets high-profile government officials, campaigns and others in the U.S. and Israel, according to TAG.
The Google team said it observed the Iranian hackers impersonating think tanks, including the Washington Institute for Near East Policy and the Brookings Institution. Under the camouflage of the Washington Institute, the hackers targeted researchers in the U.S. and Israeli diplomats and journalists, among others.
Google’s revelation of the Iranian activity comes after the Trump campaign said Saturday that it had been targeted online, indicating that Iranian hackers played a role. The FBI later confirmed it was investigating the suspected hack of the Trump campaign.
Iranian officials in New York and Tehran have denied the country is seeking to hack campaign accounts or trying to interfere with the November presidential election. “We do not attribute credibility to this news, as the Iranian government lacks both the intent and motivation to intervene in the American presidential elections,” Iran’s mission to the United Nations in New York said in a statement earlier this week.
Microsoft said last week it found an Iranian group sending a “spear-phishing” email aiming at a presidential campaign, though it did not directly identify which campaign.
“In June 2024, Mint Sandstorm — a group run by the Islamic Revolutionary Guard Corps (IRGC) intelligence unit — sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor,” Microsoft said. “The phishing email contained a fake forward with a hyperlink that directs traffic through an actor-controlled domain before redirecting to the listed domain.”
Media outlets have since reported receiving internal documents appearing to belong to individuals close to Mr. Trump, leading cyber analysts to conclude the hack-and-leak effort has roots in Tehran.
Alongside attempts to breach emails, cyber intelligence firm Recorded Future said it observed Iran-linked efforts to trick people into believing the attempted assassination of Mr. Trump was a hoax.
The digital mayhem appears unlikely to lessen anytime soon, as tech firms have observed Iranian-connected actors readying covert online operations. Microsoft said it saw an Iranian group deploying covert news websites to target voters, while Recorded Future said Iran was developing covert social media accounts to influence the election.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.