Iranian-backed hackers have targeted about a dozen personal email accounts belonging to individuals associated with the Trump and Biden campaigns as part of an ongoing phishing threat, Google’s cybersecurity team confirmed on Wednesday.
Google’s Threat Analysis Group said in its report that APT42, a hacking group linked to Iran’s Islamic Revolutionary Guard Corps, was behind cyberattacks in May and June against the campaigns of former president Donald Trump and President Joe Biden, “including current and former officials in the U.S. government and individuals associated with the respective campaigns.”
The campaign of Vice President Kamala Harris, who replaced Biden as the Democratic presidential nominee last month, was also targeted in unsuccessful phishing attacks.
The report comes days after Trump’s campaign said it had been hacked by “foreign sources” before suggesting Iran was to blame. Earlier Wednesday, Trump pointed his finger at the Iranian government in his first public comments on the incident and praised the FBI’s probe into the hack.
“They are looking at it and they’re doing it very professionally, and it looks like it’s Iran,” Trump told reporters. Pressed on what the FBI told him, Trump replied: “I don’t want to say exactly, but it was Iran.”
On Saturday, several news outlets received emails from an anonymous source containing internal documents from Trump’s campaign. Among the documents was a research dossier on Trump’s running mate, Senator J. D. Vance (R., Ohio). Politico was the first to report on the authentic documents. The third-party report by Google did not confirm whether APT42 was responsible for the leaked documents.
The hacking group, however, did gain “access to the personal Gmail account of a high-profile political consultant,” Google said without naming the person, in attempts to breach accounts across several email providers. Roger Stone, a Republican operative and Trump ally, told the Wall Street Journal on Monday that two of his email accounts had been “compromised by a foreign nation state.”
Google referred the case to law enforcement in early July and remains in cooperation with authorities, the tech company said. It also blocked APT42’s “numerous” attempts to log into the personal accounts of targeted individuals and notified respective campaign officials of suspected malicious activity.
APT42 previously targeted the presidential campaigns of Trump and Biden in 2020. Google thwarted those cyberattacks as well.
The FBI opened an investigation on Monday after the Trump campaign’s internal documents were leaked over the weekend. Microsoft recently released a report, which found that a high-ranking official on a U.S. presidential campaign was targeted in a spear-phishing attack by Iran. The hack occurred around the time that Trump was preparing to choose his running mate.