Chinese and Iranian State Hackers Target Trump/Biden Campaigns

Chinese and Iranian state-sponsored hackers have been caught targeting the Trump and Biden Presidential campaigns, according to Google.

Shane Huntley, director of Google’s Threat Analysis Group, revealed the news in a couple of tweets yesterday.

He confirmed that there was no sign the attacks had led to compromise.

“We sent users our govt attack warning and we referred to fed law enforcement,” Huntley added. “If you are working on a campaign this election cycle, your personal accounts may be targeted. Use the best protection you can. Two-factor authentication or Advanced Protection really can make a difference.”

Google’s Advanced Protection Program is designed to offer maximum protection for the Google accounts of journalists, activists, business leaders, campaign teams and the like who may find themselves at a high risk of targeted attacks.

It features 2FA via physical key or Android device, limited third-party app access to Google emails and Drive files, and a block on app downloads from outside Google Play.

The latest state-backed attacks were attributed to China’s APT31 (aka Zirconium, Bronze Vinewood), which has hitherto been pegged for attacks designed to compromise intellectual property (IP), and Iran’s APT35 group.

The latter, also known as Charming Kitten and Phosphorus, was disrupted in March 2019 when a Microsoft court action allowed the firm's Digital Crimes Unit to take control of 99 of its phishing domains. It is often focused on collecting strategic intelligence from US and Middle Eastern government and military targets.

The attacks call to mind the infamous cyber-espionage campaign against Democratic Party officials ahead of the last Presidential election, which led to the 'Guccifer 2.0' publication via WikiLeaks of politically embarrassing material. Hillary Clinton has since blamed her eventual loss to Donald Trump on the likely Russian campaign.

“As we have seen in recent history, APT groups targeting political campaigns is nothing new. These groups may be looking to use information that they obtain to sow discord in the country of the ongoing campaign,” said Digital Shadows security engineer, Charles Ragland.

“They may also use it for more traditional intelligence collection to inform other actions. As more and more communication is done online, this trend is likely to continue.”
