Google’s Threat Analysis Group (TAG) recently disclosed in a report that an Iranian phishing operation has compromised about a dozen email accounts connected with U.S. officials, along with individuals from both President Joe Biden’s and former President Donald Trump’s campaign teams.
The report attributes this activity to a faction associated with Iran’s Islamic Revolutionary Guard Corps. Despite multiple interception efforts by TAG, the attackers, known as APT42, achieved unauthorized access to the email of a prominent political consultant. Their activities have also extended to targeting officials in Israel.
The report from Google’s TAG highlights ongoing, albeit unsuccessful, efforts by APT42 to breach the personal email accounts of people linked to President Biden, Vice President Harris, and former President Trump, including current and former government officials and people connected to their electoral campaigns.
APT42’s tactics involve sending innocuous-looking social engineering emails that pose as journalists or official bodies to build trust with the recipients. The group has also launched spear-phishing campaigns with links that gather sensitive data without the users’ awareness. Its campaigns have persistently targeted U.S. and Israeli governmental bodies, campaign staff, diplomats, think tanks, and NGOs.
Google has raised concerns over the increasing malicious digital activities orchestrated by foreign state entities, pointing out the relentless efforts of the Iranian group to compromise user accounts through innovative strategies. The report emphasizes the group’s focus on running numerous phishing operations, especially against the U.S. and Israel, and predicts an uptick in such campaigns amid escalating tensions between Iran and Israel.
Additionally, Microsoft’s threat intelligence on Aug. 9 paralleled Google’s findings, highlighting a rise in cyber operations by Iranian entities aimed at influencing U.S. political outcomes, including the breach of a former presidential candidate’s account and the creation of websites aimed at heightening political discord within the U.S.
Both the affected individuals and the affected organizations have been alerted to these threats, and Google is actively committed to monitoring and addressing them.