A hacking group, allegedly supported by the Iranian regime, has recently been identified by tech giant Google for targeting individuals associated with the campaigns of President Joe Biden and former President Donald Trump.
Google confirmed that this group, known as APT42, consistently focuses on high-profile figures in both Israel and the United States. Their targets include current and former government officials, political campaigns, diplomats, think tanks, non-governmental organizations (NGOs), and academic institutions contributing to foreign policy discussions.
Google’s Threat Analysis Group (TAG) has discovered and disrupted a series of credential phishing attacks by APT42 during the current U.S. presidential election cycle. Around May, these phishing attacks specifically targeted the personal email accounts of approximately twelve individuals affiliated with Biden, Trump, and their respective campaigns.
TAG revealed that it successfully blocked multiple attempts by APT42 to gain access to the targeted individuals’ personal email accounts. Additionally, the individuals who were targeted were duly alerted about the attacks.
While the consultant involved in this incident was not identified, Google has reported the event to the FBI and continues to cooperate with the agency.
TAG further noted that it continues to monitor unsuccessful attempts by APT42 to compromise the personal accounts of individuals linked to Democratic presidential nominee Vice President Kamala Harris.
Mandiant, a cybersecurity firm, described APT42 as a cyberespionage group that has been active since at least 2015. Their typical operations involve conducting surveillance and gathering information on individuals and organizations of strategic interest to the Iranian regime.
In its recent blog post, Google highlighted that APT42 heavily targeted users in Israel and the United States between February and late July, with the majority of their geographic targeting occurring in these two countries over the past six months. Notable targets included former senior Israeli military officials and individuals associated with both U.S. presidential campaigns.
These activities demonstrate the group’s aggressive and multi-faceted approach in quickly adapting its operations to align with Iran’s political and military objectives.
According to Google, the hacking group employs various tactics in their email phishing campaigns, including hosting malware, utilizing phishing pages, and redirecting victims to malicious sites. They also frequently exploit services like Google Drive, Gmail, Dropbox, and OneDrive for their illicit activities.
Google’s blog post expands on a recent report by Microsoft that revealed suspected Iranian cyber intrusions during this year’s U.S. presidential election. President Trump blamed the hacking attack on foreign sources hostile to the United States.