August 15, 2024 | Flash Brief
Google Report Exposes Iranian Hacker Attacks on Israeli and U.S. Targets
Latest Developments
The Iranian regime has stepped up its malicious online attacks against Israel and the United States — including against both parties’ political campaigns — according to an August 14 report by Google’s Threat Analysis Group (TAG). The report revealed that a group associated with Iran’s Islamic Revolutionary Guard Corps (IRGC) known as APT42 “consistently targets high-profile users in Israel and the U.S., including current and former government officials, political campaigns, diplomats, individuals who work at think tanks, as well as NGOs and academic institutions that contribute to foreign policy conversations.” TAG also detected an APT42 phishing operation that targeted officials affiliated with the Trump and Biden presidential campaigns in May and June — efforts that the report said were ongoing. Phishing is a technique that involves sending fraudulent communications in order to extract sensitive information from recipients.
The report comes less than a week after Microsoft released a separate report that identified multiple Iranian actors — including those backed by the IRGC — attempting to manipulate American voters, stoke chaos, undermine trust in authorities, and obtain sensitive information. Observing this flurry of malicious Iranian cyber and influence activity targeting U.S. elections, The Wall Street Journal reported on “rising fears that Iran has emerged as the most aggressive foreign election threat to [the] U.S.”
Expert Analysis
“The recent Google report shows that Iranian actors have been targeting presidential campaigns on both sides of the aisle. Strengthening the cybersecurity posture of political campaigns should be made a national security priority, not just to prevent foreign actors from spying on campaigns but also to defend against hack-and-leaks and other forms of cyber-enabled influence operations.” — Max Lesser, Senior Analyst on Emerging Threats, Center on Cyber and Technology Innovation
“Iranian offensive hacking activity, while not as technically advanced as Chinese or Russian activity, can still be potent. Social engineering and less technically sophisticated attack methods, such as typosquatting — creating domains with similar addresses to popular sites — can still be impactful, especially when paired with a willingness to work at high speed and an appetite for risk.” — Ari Ben Am, Adjunct Fellow, Center on Cyber and Technology Innovation
Iran Targets Israeli Military and Defense Officials
The Google report noted that 60 percent of APT42’s targets over the past six months were entities in the United States or Israel. The group intensified its efforts in April against Israeli targets, specifically Israelis connected to the military and defense sector, as well as diplomats, academics, and NGOs. APT42 goes after its targets with phishing campaigns that include hosting malware, phishing pages, and malicious redirects to gain access to the targets’ Google services, including Sites, Drive, and Gmail. The group often utilizes social engineering methods to trick its targets, masquerading as journalists, think tank researchers, and organizations that may be of interest to the target.
Trump Claims Campaign Hacked by Iran
In May and June, APT42 targeted the personal email accounts of roughly a dozen individuals affiliated with the Biden and Trump campaigns, including current and former government officials. TAG said it observed that APT42 had successfully gained access to the personal Gmail of “a high-profile political consultant.” TAG has previously disrupted APT42 targeting of the Trump and Biden campaigns during the 2020 election.
On August 10, former president Donald Trump’s election campaign said that some of its internal communications had been hacked. Politico and other news organizations received anonymous emails containing internal Trump campaign documents. The FBI said on August 12 that it had opened an investigation into efforts to hack the Trump, Biden, and — after Biden withdrew from the race — Harris campaigns. Trump himself told reporters on August 14 that the FBI had informed him that Iran was behind the leak.
Related Analysis
“Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election,” FDD Flash Brief
“Iranian Cyber Warfare Targeting Israel Seeks to Exploit Fears of Military Attack,” FDD Flash Brief
“Iran Orchestrating Online Campaign Against Israeli Olympic Athletes,” FDD Flash Brief
“Iran Obtains Advanced Cyber Warfare Capabilities from Russia,” FDD Flash Brief