Reuters reported that foreign hackers targeted the personal email accounts of staffers on the presidential candidate Joe Biden and President Donald Trump. It appears that hackers from China tried to target staffers of Joe Biden, while Iranian hackers targeted the personal email accounts of Trump campaign staff.
Shane Huntley, the head of Google’s Threat Analysis Group, tweeted that the foreign hackers had made phishing attempts on campaign staffers’ emails, but there had been “no sign of compromise.”
Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement. https://t.co/ozlRL4SwhG
— Shane Huntley (@ShaneHuntley) June 4, 2020
A Google spokesperson told that the company had not seen any evidence that any of the attempted attacks had been successful and that it had sent the information to federal law enforcement officials. “We encourage campaign staff to use extra protection for their work and personal emails, and we offer security resources such as our Advanced Protection Program and free security keys for qualifying campaigns,” the spokesperson said.
Matt Hill, deputy national press secretary for the Joe Biden campaign, says the campaign was aware of the phishing attempt and had been braced for something like this to happen. “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them,” Hill told The Verge in an email, adding that the campaigns take cybersecurity seriously and “will remain vigilant against these threats.”
A spokesperson for the Trump campaign said it had been “been briefed that foreign hackers unsuccessfully attempted to breach the technology of our staff. We are vigilant about cybersecurity and do not discuss any of our precautions.”
This apparently wasn’t the first instance of Iranian hackers trying to access Trump campaign emails. Last year, Microsoft said an Iranian group — known alternately as Phosphorous, APT 35, or Charming Kitten — unsuccessfully tried to get into a presidential campaign’s emails. Reuters later identified the campaign in question as Trump’s.
Email hacking is a particularly fraught issue for US political campaigns after Russian hackers successfully phished the Democratic National Committee in 2016, exposing thousands of emails.