Topline
Google on Wednesday said an Iran-affiliated hacking group targeted President Joe Biden and former President Donald Trump’s campaigns, as well as Israeli officials, in a months-long phishing scheme, just days after Trump’s campaign said it was hacked.
Key Facts
Google identified a group called APT42 as behind the hacking efforts, claiming the group is associated with Iran’s Islamic Revolutionary Guard Corps.
Google said its team disrupted APT42 hacking efforts against the Biden and Trump campaigns during the 2020 election, and detected “a small but steady cadence” of phishing attempts in the 2024 campaign cycle, impacting the personal email accounts of about a dozen people affiliated with the Trump and Biden campaigns between May and June.
The California tech giant said the hacking group targeted “high-profile users in Israel and the U.S.,” including government officials, campaigns, diplomats, employees at think tanks, non-governmental organizations and academic institutions that work in foreign policy.
Google’s findings come just days after the Trump campaign said its internal communications had been hacked, prompting an FBI investigation into an alleged hacking scheme into both Trump and Vice President Kamala Harris’ presidential campaigns.
APT42 ramped up its hacking efforts against Israel in April, according to Google, specifically targeting people associated with the Israeli Defense Forces, diplomats, academics and non-governmental organizations—as tensions between Israel and Iranian-allied militant groups in the Middle East simmered amid Israel’s invasion of the Gaza Strip.
Those hacking attempts included email phishing schemes, such as malware, and targeted users on Google services, Dropbox and OneDrive.
In some cases, the phishing attempts targeting Israeli officials included emails falsely purporting to be a journalist seeking comment on airstrikes.
Contra
Google’s Threat Analysis Group reset compromised accounts and issued warnings to targeted users, the company said. In its process, the team issued a warning message that stated: “we believe we detected government-backed attackers trying to steal your password.”
Big Number
60%. That’s the percentage of APT42’s known targeting that was directed toward Israel and the U.S. over the past six months, according to Google.
What To Watch For
The Biden administration, along with the leaders of the U.K., France, Germany and Italy, called on Iran to “stand down” on threats of a military attack on Israel following a series of attacks and the killing of leaders of Iranian-backed groups. Iran vowed “tough” retaliation for those killings, which included Ismail Haniyeh, the political leader of the Gaza-based militant group Hamas (Israel did not take responsibility for the assassination, though several unnamed U.S. officials told The New York Times Israel planned the attack). Israel has also exchanged rocket fire with the Iran-affiliated Lebanese militant group Hezbollah in recent months, stoking fears of a wider regional war. Last month, Israel blamed Hezbollah for rocket fire that killed over 10 people in Israel’s Golan Heights (Hezbollah denied Israel’s claim).
Key Background
Foreign interference in U.S. elections has become an increasing threat in recent years. Following the 2016 election, U.S. officials said Russian officials had interfered in the election to help Trump win over Democrat Hillary Clinton, hacking and releasing internal documents from Democrats to do so. Those findings were laid out in a 2019 report by special counsel Robert Mueller, who reported Trump did not coordinate with Russian officials to interfere with the election, though the interference itself happened “in sweeping and systematic fashion”—Trump condemned Mueller’s investigation as a “witch hunt.” Biden’s alleged business activities with Ukrainian officials.