By Robert McMillan 

Campaign staffers working on the presidential campaigns of Donald Trump and Joe Biden have been targeted with online attacks coming from Iran and China respectively, Google said, in a sign that the meddling four years ago in the U.S. presidential election by Russia could be pursued more widely this time.

Google said Thursday that the staffers were targeted with so-called phishing attacks that often are an attempt to gain access to online email accounts. They raise the specter of a repeat of the 2016 campaign, during which Russian hackers stole information from Democratic staffers and posted them online.

While neither China nor Iran are thought to have previously engaged in the kind of hacking and public dumping of emails that disrupted Hillary Clinton's presidential campaign four years ago, some cybersecurity experts believe that Russia's success in 2016 may spur copycat activity. The fact that the attacks targeted campaign staff should put campaigns on alert for a possible attempt to hack and dump information, said Graham Brookie, director of the Atlantic Council's Digital Forensic Research Lab. "It should be a major red flag."

Russia has denied interfering in the 2016 election.

The attacks don't appear to have been successful, Google, a unit of Alphabet Inc., said. The company has notified federal authorities and the targeted users of the attacks, said Shane Huntley, who runs Google's in-house counterespionage group, known as the Threat Analysis Group.

The Biden campaign was targeted by a China-based group, known as APT 31, Mr. Huntley said in a Twitter message on Thursday. This group has been linked by security companies to the Chinese government. The Trump campaign was targeted by an Iranian group called APT 35, he said. APT stands for advanced persistent threat, a shorthand used by cybersecurity professionals for sophisticated adversaries that are backed by nation-states.

These were "recent attempts and we saw a couple of targets on each campaign," a Google spokeswoman said, while declining to provide further details on the incidents.

The phishing attempts were recent and targeted a "couple" of personal email accounts belonging to staffers with each campaign, a Google spokeswoman said.

"We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them," a Biden campaign spokesman said in an email message.

The Trump campaign has been briefed on the attempt, a Trump spokesman said.

Microsoft Corp. in October said that at least one U.S. presidential campaign has been targeted by cyberattacks linked to the Iranian government. That attack targeted a staffer with the Trump campaign, according to a source familiar with the matter.

In April, a bipartisan report by the Senate Intelligence Committee concluded that Russia interfered in 2016 to help Donald Trump. Part of the campaign involved creating fake phishing email messages and webpages that masqueraded as Google, to trick Democratic staffers into typing in their Google passwords. Victims of the attacks, including Hillary Clinton's campaign chairman, John Podesta, later had their personal emails posted online.

Dumping those emails and other documents online was disruptive to campaign operations and was also used to seize control of the political narrative during the 2016 election, cybersecurity experts say.

While it is possible that the Chinese hackers may have been taking a page from the Russian playbook, it is more likely that they are conducting traditional espionage in hopes of gaining better knowledge of Mr. Biden's foreign policy perspective, said Dmitri Alperovitch, a former cybersecurity executive who investigated the Russian activities. "It's important not to jump to conclusions that this is election interference," he said. "Targeting of campaign staff is a timeworn tradition."

Iran, on the other hand, is "more of a question mark," Mr. Alperovitch said. "Iran has traditionally been much more willing to push the envelope and use cyber in nontraditional ways," he said.

Last year, Microsoft linked Iran to more than 200 destructive attacks in more than a half-dozen countries, including Saudi Arabia, Germany, the U.K., India and the U.S. And in 2018 Facebook Inc. removed dozens of bogus pages, run by Iran, that had been promoting politically charged messages to U.S. voters ahead of that year's midterm elections.

Russia itself has so far not been publicly linked to the type of activity in 2020 that the intelligence community and technology companies witnessed four years ago.

Russia, China and Iran have repeatedly denied launching cyberattacks against the U.S.

Last year, Facebook and Twitter took down hundreds of accounts they believe were part of a China-backed disinformation campaign aimed at antigovernment protesters.

More recently, China has been buying Facebook ads and virally promoting conspiracy theories about the new coronavirus to English speakers, moves reminiscent of Russian disinformation campaigns.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

(END) Dow Jones Newswires

June 04, 2020 19:38 ET (23:38 GMT)