Google said that an Iranian group linked to the country’s Revolutionary Guard had tried to infiltrate the personal email accounts of roughly a dozen people linked to President Joe Biden and former President Donald Trump since May.
The tech company’s threat intelligence arm said the group was still actively targeting people associated with Biden, Trump, and Vice President Kamala Harris.
It said those targeted have included current and former government officials, as well as presidential campaign affiliates.
The new report from Google’s Threat Analysis Group affirmed and expanded upon a Microsoft report released Friday that revealed a suspected Iranian cyber intrusion in this year’s U.S. presidential election.
It shed light on how foreign adversaries are increasing their efforts to disrupt the election that is now less than three months away.
Google’s report said its threat researchers detected and disrupted a “small but steady cadence” of Iranian attackers using email credential phishing, a type of cyberattack where the attacker poses as a trusted sender to try to get an email recipient to share login details.
John Hultquist, chief analyst for the company’s threat intelligence arm, said the company sends suspected targets of these attacks a Gmail pop-up that warns them that a government-backed attacker might be trying to steal their passwords.
The report said Google observed the group gaining access to one high-profile political consultant’s personal Gmail account. Google reported the incident to the FBI in July.
Microsoft’s Friday report shared similar information, noting that the email account of a former senior adviser to a presidential campaign had been compromised and weaponized to send a phishing email to a high-ranking campaign official.
The group is familiar with Google’s threat intelligence arm and other researchers, and this isn’t the first time it has tried to interfere in U.S. elections, Hultquist said.
The report noted that the same Iranian group targeted both the Biden and Trump campaigns with phishing attacks during the 2020 cycle, as early as June of that year.
The group also has been prolific in other cyber espionage activity, particularly in the Middle East, the report said. In recent months, as the Israel-Hamas war has fueled tension in the region, that activity has included email phishing campaigns targeted at Israeli diplomats, academics, nongovernmental organizations, and military affiliates.
Trump’s campaign said Saturday that it had been hacked and that sensitive internal documents had been stolen and distributed. It said Iranian actors were to blame.
