adimas - Fotolia
Chinese, Iranian hackers targeted Trump and Biden campaigns
Shane Huntley, director of Google's Threat Analysis Group, announced that two state-backed APT groups targeted campaign staff for both Joe Biden and President Donald Trump.
Google announced Thursday that state-sponsored Chinese and Iranian hackers targeted campaign staff of both Joe Biden and President Donald Trump in recent election attacks.
In a series of posts on Twitter, Shane Huntley, director of Google's Threat Analysis Group (TAG), detailed the recent attempts by advanced persistent threat (APT) groups to compromise both presidential campaigns through phishing attacks, which he said were unsuccessful.
"Recently TAG saw China APT group targeting Biden campaign staff and Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement," Huntley wrote on Twitter.
In addition to confirming the attempted attacks, Huntley also attributed the activity to APT31, a Chinese hacking group also known as Zirconium, and APT35, Iranian hackers also known as Newscaster Team.
A spokesperson from Google verified the hacking attempt in an email to SearchSecurity.
"We can confirm that our Threat Analysis Group recently saw phishing attempts from a Chinese group targeting the personal email accounts of Biden campaign staff and an Iranian group targeting the personal email accounts of Trump campaign staff. We didn't see evidence that these attempts were successful. We sent the targeted users our standard government-backed attack warning and we referred this information to federal law enforcement. We encourage campaign staff to use extra protection for their work and personal emails, and we offer security resources such as our Advanced Protection Program and free security keys for qualifying campaigns."
Phishing has been a major vector in previous election campaign attacks as well. For example, John Podesta, chairman of Hillary Clinton's 2016 presidential campaign, fell victim to a phishing attack prior to the election.
An investigation by Atlanta-based cybersecurity firm SecureWorks Inc. uncovered a malicious link created with the Bitly URL-shortening service used by hackers to gain access to Podesta's Gmail account. The Bitly account used to create the link was connected to a domain controlled by the Russian state-sponsored APT group known as Fancy Bear.