State-sponsored hackers from Iran and China have recently targeted the presidential campaigns of Republican President Donald Trump and Democrat Joe Biden, a Google threat analyst said Thursday.
The disclosure is the latest evidence that foreign governments are trying to get information about US politicians and possibly disrupt or interfere in their campaigns. A group supported by Iran targeted the Trump campaign, and attackers supported by China targeted the Biden campaign, Shane Huntley, head of the Google Threat Analysis Group, said on Twitter. Both groups used phishing emails. There is no indication that either attack campaign was successful.
Kittens and pandas
Huntley identified the Iranian group targeting Trump's campaign as APT35, short for Advanced Persistent Threat 35. Also known as Charming Kitten, iKittens, and Phosphorus, the group was caught targeting an undisclosed presidential campaign last October. In that operation, Phosphorus members attempted to access email accounts that campaign employees received through Microsoft cloud services. According to Microsoft, the attackers worked tirelessly to collect information that could be used to trigger password resets and other Microsoft-provided account recovery services.
The Chinese group, known as APT31, meanwhile is targeting the Biden campaign, Huntley said. The group, which security researchers also call Hurricane Panda, Black Vine, and Zirconium, is "a sophisticated adversary" who exploited a zero-day vulnerability in Microsoft Windows in 2014, researchers at security firm CrowdStrike said at the time.
Huntley said Google officials sent the campaigns the company's standard warning that they were targeted by government-sponsored hacking. The company started the practice in 2012. To protect its sources and methods, Google doesn't send the notifications immediately and instead sends them in bulk. Google also referred the matter to law enforcement.
In a statement, a Google spokesman wrote:
We can confirm that in our threat analysis group, recent phishing attempts were carried out by a Chinese group that targeted the Biden campaign employees' personal email accounts and an Iranian group that targeted the personal email accounts of the employees of the Trump campaign. We have seen no evidence that these attempts have been successful. We have sent our standard government-sponsored attack alert to targeted users and have forwarded this information to federal law enforcement agencies. We encourage campaign employees to use additional protection for their work and personal emails, and we offer security resources such as our Advanced Protection Program and free security keys for qualified campaigns.
Hacking of political parties and campaigns has been a major concern since two Russian hacking groups broke into the network of the Democratic National Committee shortly before the presidential campaign in 2016. Most of the breaches were achieved through phishing emails that tricked employees into entering their passwords on websites controlled by attackers.
Several U.S. intelligence agencies later concluded that Russia was conducting a continuing hacking and disinformation campaign to disrupt the U.S. democratic process and increase then-candidate Trump's chances of winning the election.
Google offers the above-mentioned Advanced Protection Program (APP), a service to protect politicians, election workers, journalists and others who are often attacked by hackers. The program requires a physical security key as a second factor when you sign in to Gmail and other Google services from new devices. APP would very likely have frustrated the 2016 phishing attacks, as simply stealing passwords is not enough to gain unauthorized access.