Tech company says it sent targeted users a ‘government-backed attack warning,’ found no evidence the phishing attempts were successful
By Frank Bajak, 05 jUNE 2020
BOSTON (AP) — Google said state-backed hackers have targeted the campaigns of both US President Donald Trump and former vice president Joe Biden, although it saw no evidence that the phishing attempts were successful.
The company confirmed the findings after the director of its Threat Analysis Group, Shane Huntley, disclosed the attempts Thursday on Twitter.
Huntley said a Chinese group known as Hurricane Panda targeted Trump campaign staffers while an Iranian outfit known as Charming Kitten had attempted to breach accounts of Biden campaign workers. Such phishing attempts typically involve forged emails with links designed to harvest passwords or infect devices with malware.
The effort targeted personal email accounts of staffers in both campaigns, according to the company statement. A Google spokesman added that “the timeline is recent and that a couple of people were targeted on both campaigns.” He would not say how many.
Google said it sent targeted users “our standard government-backed attack warning” and referred the incidents to federal law enforcement.
Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab, called the announcement “a major disclosure of potential cyber-enabled influence operations, just as we saw in 2016.”
His tweet referred to the Russian hacking of the Democratic National Committee and Hillary Clinton’s 2016 presidential campaign and subsequent online release of internal emails — some doctored — that US investigators determined sought to assist the Trump campaign.
Neither the Biden nor the Trump campaign would not say how many staffers were targeted, when the attempts took place or whether the phishing was successful.
Both campaigns have been extremely reticent about discussing cybersecurity.
“The Trump campaign has been briefed that foreign actors unsuccessfully attempted to breach the technology of our staff,” the campaign said in a statement. “We are vigilant about cybersecurity and do not discuss any of our precautions.”
The Biden campaign did not even confirm the attempt.
“We are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff,” it said in a statement. “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them.”
Hurricane Panda, also known by security researchers as Zirconium or APT31 — an abbreviation for “advanced persistent threat” — is known for focusing on intellectual property theft and other espionage. Charming Kitten, also known as Newscaster and APT35, is reported to have targeted US and Middle Eastern government officials and businesses, also for information theft and spying.
In October, Microsoft said hackers linked to Iran’s government had targeted a US presidential campaign and the New York Times and Reuters identified the target as Trump’s re-election campaign. Campaign spokesman Tim Murtaugh said at the time that there was “no indication that any of our campaign infrastructure was targeted.”
A former director of the National Security Agency, Keith Alexander, said Thursday during an online seminar that he fully expects geopolitical rivals of the US to take advantage of the COVID-19 crisis and unrest in the US.
“This is an increased time I think for adversaries to hurt our country and I do think they will take that during elections,” he said.