Iran- and China-backed phishers try to hook the Trump and Biden campaigns

reader comments

16 with 12 posters participating

State-backed hackers from Iran and China recently targeted the presidential campaigns of Republican President Donald Trump and Democrat Joe Biden, a Google threat analyst said on Thursday.

The revelation is the latest evidence of foreign governments attempting to gain intelligence on US politicians and potentially disrupt or meddle in their election campaigns. An Iran-backed group targeted the Trump campaign and China-backed attackers targeted the Biden campaign, said Shane Huntley, the head of Google’s Threat Analysis Group on Twitter. Both groups used phishing emails. There’s no indication that either attack campaign succeeded.

Kittens and Pandas

Huntley identified the Iranian group that targeted Trump’s campaign as APT35, short for Advanced Persistent Threat 35. Also known as Charming Kitten, iKittens, and Phosphorous, the group was caught targeting an unnamed presidential campaign before, Microsoft said last October. In that campaign, Phosphorous members attempted to access email accounts campaign staff received through Microsoft cloud services. Microsoft said that the attackers worked relentlessly to gather information that could be used to activate password resets and other account-recovery services Microsoft provides.

The Chinese group known as APT31, meanwhile, targeted the Biden campaign, Huntley said. The group, which security researchers also call Hurricane Panda, Black Vine, and Zirconium, “is a highly advanced adversary” that in 2014 exploited a zeroday vulnerability in Microsoft Windows, researchers from security firm CrowdStrike said at the time.

Google responds

Huntley said that Google officials sent the campaigns the company’s standard warning that they were targeted by nation-based hacking. The company began the practice in 2012. To protect its

Continue reading – Article source