Google (NASDAQ:GOOGL)'s Threat Analysis Group (TAG) has reported that an Iranian state-sponsored hacking group, Charming Kitten, has targeted the 2024 US presidential campaigns of Donald Trump, Joe Biden, and Kamala Harris.
The group, also known as APT35, "consistently targets high-profile users in Israel and the US," the TAG writes.
Associated with the Islamic Revolutionary Guard Corps, APT35 uses malware, phishing websites and malicious link redirects, among many other techniques.
“Today, TAG continues to observe unsuccessful attempts from APT42 to compromise the personal accounts of individuals affiliated with President Biden, Vice President Harris and former President Trump, including current and former government officials and individuals associated with the campaigns.”
Foreign election interference
TAG's findings are part of a broader pattern of foreign interference in US elections, with the primary goal being to disrupt the democratic process.
Google has responded by notifying the affected campaigns and warning the cybersecurity community to bolster defences against such threats.
Last week, the Trump Presidential Campaign alleged its internal campaign communications had been leaked in an email phishing hack.
Major mastheads including Politico (which broke the story), The Washington Post, and The New York Times have all reported being offered documents from the campaign, a sharp echo of Hillary Clinton’s email hack in 2016.
The hacking group is a known entity, having also participated in election interference attempts during the 2020 campaign.
Both the Iranian APT35 and Chinese APT31 “targeted campaign staffers’ personal emails with credential phishing emails and emails containing tracking links,” the TAG report reads.
“As part of our wider tracking of APT31 activity, we've also seen them deploy targeted malware campaigns.
“Overall, we’ve seen increased attention on the threats posed by APTs in the context of the US election,” TAG cautioned.
“US government agencies have warned about different threat actors, and we’ve worked closely with those agencies and others in the tech industry to share leads and intelligence about what we’re seeing across the ecosystem.
“This has resulted in action on our platforms, as well as others.”