Google’s security researchers say state-backed hackers from Iran and China have targeted the Trump and Biden presidential campaigns, respectively. The state-backed actors sent phishing scam attempts to the personal email accounts of campaign staff. According to Google, there are no signs that the attempts were successful, and Google has notified both campaigns.
Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement. https://t.co/ozlRL4SwhG— Shane Huntley (@ShaneHuntley) June 4, 2020
Even if the attempts were not successful, they are significant, especially given how hackers were able to interfere with the 2016 election. Google recommends campaign staff use extra security measures, like its Advanced Protection Program, and the company is still offering free security keys to qualifying campaigns. Facebook has also outlined its 2020 election “protections.” But we’ve already seen how easy it is to breach election machines, and then there is disinformation to contend with.
Earlier this year, a Senate report found that the Obama administration was not well-prepared to handle the unprecedented election interference in 2016. The administration allegedly suffered from “paralysis of analysis.” It’s clear that hackers are already trying to interfere with the next presidential election. Time will tell if the US has learned enough to prevent foreign meddling this time around.
A full statement provided to Engadget by a Google spokesperson is below:
“We can confirm that our Threat Analysis Group recently saw phishing attempts from a Chinese group targeting the personal email accounts of Biden campaign staff and an Iranian group targeting the personal email accounts of Trump campaign staff. We didn’t see evidence that these attempts were successful. We sent the targeted users our standard government-backed attack warning and we referred this information to federal law enforcement. We encourage campaign staff to use extra protection for their work and personal emails, and we offer security resources such as our Advanced Protection Program and free security keys for qualifying campaigns.”