Phishing attacks, which took place in May, targeted the personal email accounts of roughly a dozen individuals affiliated with Biden and Trump, Google said.
A hacking group allegedly backed by the Iranian government has recently targeted individuals associated with the campaigns of President Joe Biden and former President Donald Trump, tech giant Google has confirmed.
The group consistently targets “high-profile individuals in Israel and the United States,” Google said.
Those targets include current and former government officials, political campaigns, diplomats, individuals who work at think tanks, nongovernmental organizations (NGOs), and “academic institutions that contribute to foreign policy conversations,” according to the tech giant.
TAG noted it has detected and disrupted a “small but steady cadence” of APT42’s credential phishing activity during the current U.S. presidential election cycle.
Those phishing attacks, which took place in May, targeted the personal email accounts of roughly a dozen individuals affiliated with Biden and Trump, as well as individuals associated with their respective campaigns, according to the blog post.
Google’s TAG said it has blocked “numerous” attempts by APT42 to log in to the personal email accounts of the targeted individuals and also warned the individuals who were targeted.
The company also reset any compromised accounts, updated detections, disrupted malicious Google Sites pages, and conducted other efforts to dismantle the group’s infrastructure.
Hackers Access Email Account
However, Google said the group managed to successfully gain access to the personal Gmail account of a “high-profile political consultant.”
It did not name the consultant, but said it reported the incident to the FBI in July and continues to cooperate with the agency.
TAG also noted that it continues to observe “unsuccessful attempts” from APT42 to compromise the personal accounts of individuals affiliated with Democratic presidential candidate Vice President Kamala Harris.
The cyber-espionage group’s operations date back to at least 2015, and the group typically conducts surveillance operations and collects information against individuals and organizations of “strategic interest” to the Iranian government, Mandiant said.
In its latest blog post, Google said the group “heavily targeted” users in Israel and the United States between February and late July.
“In the past six months, the U.S. and Israel accounted for roughly 60 percent of APT42’s known geographic targeting, including the likes of former senior Israeli military officials and individuals affiliated with both U.S. presidential campaigns,” the tech giant said.
“These activities demonstrate the group’s aggressive, multi-pronged effort to quickly alter its operational focus in support of Iran’s political and military priorities.”
Attacks on US, Israel Have ‘Intensified’
Google said that APT42 “intensified” its targeting of users based in Israel in April 2024, with the group seeking out people with connections to the Israeli military and defense sector, as well as diplomats, academics, and NGOs.
The hacking group uses various tactics in its email phishing campaigns against victims, including hosting malware, phishing pages, and malicious redirects, Google said.
The group also typically abuses services such as Google Drive, Gmail, Dropbox, OneDrive, and others for these purposes, it said.
This is not the first time that Google has disrupted alleged hacking attempts by APT42 ahead of the critical election period.
The blog post from Google expands on a recent Microsoft report that revealed suspected Iranian cyber intrusion in this year’s U.S. presidential election.
Trump blamed “foreign sources hostile to the United States” for the hacking attack.
The Associated Press contributed to this report.