Iranian hackers target U.S. presidential campaign official, Microsoft says

Illustration: Aïda Amer/Axios
Iran-backed hackers targeted a high-ranking official at an unidentified U.S. presidential campaign in a June spear-phishing attack, Microsoft said in a new report released Friday.
Why it matters: Several Iranian groups have started to launch aggressive disinformation and hacking campaigns to influence the outcome of the 2024 U.S. presidential elections, Microsoft said.
- Iran has been following in the footsteps of Russia — which is notorious for its 2016 hacks of major U.S. political parties and successful disinformation operations.
Zoom in: Mint Sandstorm, a group run by the Islamic Revolutionary Guard Corps' intelligence unit, sent a spear-phishing email in June to a high-ranking official of a presidential campaign.
- The hackers used the compromised email account belonging to a former senior campaign adviser, and the email included a link that would first redirect to an "actor-controlled domain before redirecting to the listed domain," per the report.
- The same group also attempted to log into an account belonging to a former presidential candidate on June 13, just days before the phishing attack against an active presidential campaign.
- Other security firms also refer to Mint Sandstorm as Charming Kitten or APT35.
Yes, but: Microsoft noted it does not yet have enough evidence to fully determine if the activity is motivated by the 2024 elections since this group routinely targets senior political officials.
Flashback: The same Iranian group similarly targeted a presidential campaign in May and June 2020, five to six months before the last presidential election, according to the Microsoft report.
The big picture: Iran is starting to get more aggressive in its targeting of U.S. elections, alongside Russia and China.
- The U.S. intelligence community assessed last week that Iran was using covert influence to undermine the Trump campaign.
- Several Iranian groups have also started circulating fake news stories that targeted U.S. voters on both sides of the political spectrum.
- Some of these fake news stories appear to be using AI-enabled services to plagiarize from U.S. publications, making them more believable, Microsoft said.
Between the lines: Iran isn't only targeting federal government offices and political campaigns, according to Microsoft.
- In May another Iranian group, known as Peach Sandstorm or APT33, successfully compromised the account belonging to someone who works for a county government in a swing state.
- In that case, the hackers used a simple password spraying attack — where actors try to gain access using the same password across different accounts.
- Microsoft also noted that this attack may not have been election-related and that the county had "undergone a race-related controversy that made national news this year."
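
For defenders, the password spraying described above shows up in sign-in logs as one source failing against many different accounts with only a try or two each, unlike brute forcing a single account. The Python below is an added illustration, not code from Microsoft's report: the event tuple format, the thresholds and the function names `detect_spray` and `successes_from` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, source_ip, account, result).
# IPs come from documentation ranges; account names are made up.
EVENTS = [
    ("2024-05-01T09:00:05", "203.0.113.7", "clerk", "FAIL"),
    ("2024-05-01T09:01:10", "203.0.113.7", "assessor", "FAIL"),
    ("2024-05-01T09:02:15", "203.0.113.7", "treasurer", "FAIL"),
    ("2024-05-01T09:03:20", "203.0.113.7", "records", "FAIL"),
    ("2024-05-01T09:04:25", "203.0.113.7", "elections", "FAIL"),
    ("2024-05-01T09:05:30", "203.0.113.7", "parks", "OK"),
    ("2024-05-01T09:10:00", "192.0.2.20", "clerk", "FAIL"),   # ordinary typo
    ("2024-05-01T09:10:20", "192.0.2.20", "clerk", "OK"),
] + [  # many failures against ONE account: brute force, not spraying
    ("2024-05-01T10:00:%02d" % s, "198.51.100.9", "admin", "FAIL") for s in range(8)
]

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Return {source_ip: accounts} for sources that fail against many
    distinct accounts, few tries each, inside one sliding time window."""
    failures = defaultdict(list)
    for ts, src, account, result in events:
        if result == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, account in rows[start:end + 1]:
                counts[account] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[src] = sorted(counts)  # accounts seen when threshold is met
                break
    return flagged

def successes_from(events, flagged):
    """Accounts that logged in successfully from a flagged source: the
    ones to reset and review first (ordering in time is not checked)."""
    return sorted({(src, acct) for _, src, acct, res in events
                   if res == "OK" and src in flagged})
```

Thresholds like these need tuning against an organization's own sign-in baseline, since shared egress addresses such as VPNs or office NAT can produce many accounts per source.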
The bottom line: Early reports predict that the closer the U.S. gets to Election Day, the more foreign cyberattacks and influence operations the country will see.
- Political campaigns and voters should remain vigilant online and practice good cyber hygiene.
Go deeper: Get ready for an onslaught of election disinformation
