Presidential Campaigns Targeted by Suspected Chinese, Iranian Hackers -- Update
June 04 2020 - 7:53PM
Dow Jones News
By Robert McMillan
Campaign staffers working on the presidential campaigns of
Donald Trump and Joe Biden have been targeted with online attacks
coming from Iran and China respectively, Google said, in a sign
that the meddling four years ago in the U.S. presidential election
by Russia could be pursued more widely this time.
Google said Thursday that the staffers were targeted with
so-called phishing attacks that often are an attempt to gain access
to online email accounts. They raise the specter of a repeat of the
2016 campaign, during which Russian hackers stole information from
Democratic staffers and posted it online.
While neither China nor Iran is thought to have previously
engaged in the kind of hacking and public dumping of emails that
disrupted Hillary Clinton's presidential campaign four years ago,
some cybersecurity experts believe that Russia's success in 2016
may spur copycat activity. The fact that the attacks targeted
campaign staff should put campaigns on alert for a possible attempt
to hack and dump information, said Graham Brookie, director of the
Atlantic Council's Digital Forensic Research Lab. "It should be a
major red flag."
Russia has denied interfering in the 2016 election.
The attacks don't appear to have been successful, Google, a unit
of Alphabet Inc., said. The company has notified federal
authorities and the targeted users of the attacks, said Shane
Huntley, who runs Google's in-house counterespionage group, known
as the Threat Analysis Group.
The Biden campaign was targeted by a China-based group, known as
APT 31, Mr. Huntley said in a Twitter message on Thursday. This
group has been linked by security companies to the Chinese
government. The Trump campaign was targeted by an Iranian group
called APT 35, he said. APT stands for advanced persistent threat,
a shorthand used by cybersecurity professionals for sophisticated
adversaries that are backed by nation-states.
These were "recent attempts and we saw a couple of targets on
each campaign," a Google spokeswoman said, while declining to
provide further details on the incidents.
The phishing attempts were recent and targeted a "couple" of
personal email accounts belonging to staffers with each campaign, a
Google spokeswoman said.
"We have known from the beginning of our campaign that we would
be subject to such attacks and we are prepared for them," a Biden
campaign spokesman said in an email message.
The Trump campaign has been briefed on the attempt, a Trump
spokesman said.
Microsoft Corp. in October said that at least one U.S.
presidential campaign has been targeted by cyberattacks linked to
the Iranian government. That attack targeted a staffer with the
Trump campaign, according to a source familiar with the matter.
In April, a bipartisan report by the Senate Intelligence
Committee concluded that Russia interfered in 2016 to help Donald
Trump. Part of the campaign involved creating fake phishing email
messages and webpages that masqueraded as Google, to trick
Democratic staffers into typing in their Google passwords. Victims
of the attacks, including Hillary Clinton's campaign chairman, John
Podesta, later had their personal emails posted online.
Dumping those emails and other documents online was disruptive
to campaign operations and was also used to seize control of the
political narrative during the 2016 election, cybersecurity experts
say.
While it is possible that the Chinese hackers may have been
taking a page from the Russian playbook, it is more likely that
they are conducting traditional espionage in hopes of gaining
better knowledge of Mr. Biden's foreign policy perspective, said
Dmitri Alperovitch, a former cybersecurity executive who
investigated the Russian activities. "It's important not to jump to
conclusions that this is election interference," he said.
"Targeting of campaign staff is a timeworn tradition."
Iran, on the other hand, is "more of a question mark," Mr.
Alperovitch said. "Iran has traditionally been much more willing to
push the envelope and use cyber in nontraditional ways," he
said.
Last year, Microsoft linked Iran to more than 200 destructive
attacks in more than a half-dozen countries, including Saudi
Arabia, Germany, the U.K., India and the U.S. And in 2018 Facebook
Inc. removed dozens of bogus pages, run by Iran, that had been
promoting politically charged messages to U.S. voters ahead of that
year's midterm elections.
Russia itself has so far not been publicly linked to the type of
activity in 2020 that the intelligence community and technology
companies witnessed four years ago.
Russia, China and Iran have repeatedly denied launching
cyberattacks against the U.S.
Last year, Facebook and Twitter took down hundreds of accounts
they believe were part of a China-backed disinformation campaign
aimed at antigovernment protesters.
More recently, China has been buying Facebook ads and virally
promoting conspiracy theories about the new coronavirus to English
speakers, moves reminiscent of Russian disinformation
campaigns.
June 04, 2020 19:38 ET (23:38 GMT)
Copyright (c) 2020 Dow Jones & Company, Inc.