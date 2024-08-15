An Iranian state-backed threat actor is targeting individuals associated with the Harris and Trump Presidential campaigns, according to Google’s Threat Analysis Group (TAG).

The group, APT42, has been observed attempting to compromise email accounts of individuals associated with the respective US Presidential campaigns via spearphishing attacks.

TAG said APT42 targeted the personal email accounts of roughly a dozen affiliated with President Biden and with former President Trump, including current and former officials in the US government, in May and June.

These campaigns have led to multiple accounts being successfully breached, including the personal Gmail account of a high-profile political consultant.

“Today, TAG continues to observe unsuccessful attempts from APT42 to compromise the personal accounts of individuals affiliated with President Biden, Vice President Harris and former President Trump, including current and former government officials and individuals associated with the campaigns,” said the researchers.

The new analysis follows a Microsoft report on August 8 that detailed four distinct cyber-enabled influence operations by Iranian actors targeting the US Presidential Election cycle.

APT42 is known to targets military and political figures in support of Iran’s geopolitical goals.

Intensified Targeting of Israel

The Google TAG researchers also revealed an intensified targeting of users based in Israel since April 2024 by APT42. These phishing attacks have primarily targeted individuals with connections to the Israeli military and defense sector, as well as diplomats, academics and NGOs.

In the six months from February to July 2024, TAG found that the US and Israel has accounted for approximately 60% of APT’s known geographic targeting.