Iranian Cyber Group APT42 Targets U.S. Presidential Campaigns

The most recent reports indicate that Iranian hackers targeted both the Trump and Biden presidential campaigns. The actors are suspected to be the group referred to as APT42, working on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC). The campaign was not aimed at one political side: both Democratic and Republican campaigns were targeted by these cyber operations. Google's Threat Analysis Group recently discovered that APT42 had been trying to compromise about a dozen individuals associated with the campaigns, as well as current and former government officials. Such unusually wide targeting reflects Iran's interest in both campaigns, because these figures normally play a crucial role in defining U.S. policy towards the Middle East.

The activities of APT42 are part of a bigger trend in cyber espionage that goes beyond spying. Neither candidate appears to be favored by the group, yet its interest in both campaigns says something meaningful about the Iranian government's interest in these two political figures. Its activities appear to be far-reaching, ranging from phishing operations designed to entice users into entering their login credentials and other sensitive information at fraudulent websites, to much less benign activities. APT42 has historically also been identified targeting Israeli organizations, which are, of course, tangentially associated with elections in the US.

Central to the story is the implication that sensitive files were stolen from the Trump campaign, with reports that some of them were even being offered to major news outlets. While there has been no confirmation as yet linking APT42 to this breach, the incident bears many similarities to Russia's 2016 hack-and-leak operation against Hillary Clinton's campaign. This could be taken to mean that APT42's activities extended beyond normal espionage into what is known as an influence operation: a form of information warfare that tries to affect the emotions, objective reasoning, or behavior of people or institutions.

Google and Microsoft have recently been hard at work cutting down these threats by blocking scores of login attempts and notifying everyone who was affected. The FBI is investigating the phishing attacks as well, underscoring the seriousness of the cyber threat. Despite these efforts, the continued importance APT42 placed on compromising campaign officials once again underlines how persistent and dynamic cyber operations can be. In many ways, the actions of APT42 remain illustrative of a larger trend within international cyber espionage: multiple state-sponsored hacking groups are actively involved in interfering with elections and political processes across the globe. That is quite a leap in scale from the sort of influence operations that were historically regarded as a Russian specialty.
