Nation state hackers originating from foreign governments have launched phishing attacks against campaign staff belonging to US presidential candidates Joe Biden and Donald Trump, according to observations by the Google Threat Analysis Group (TAG). While ultimately unsuccessful, the attacks have prompted mixed responses from the campaigns involved and have raised fresh alarm about cybersecurity preparedness among presidential candidates and their susceptibility to nation state hackers more broadly.
News of the incidents first emerged when Shane Huntley, head of Google TAG, announced that nation state hackers believed to be originating from China and Iran had launched cyberattacks against the Biden and Trump campaigns respectively.
According to Google TAG, no signs have yet emerged indicating that the cyberattacks were successful. TAG pointed out that the targeted users were notified about the attacks through Gmail’s built-in warning for signaling attacks by nation state hackers—referred to as “state-sponsored” attackers—and that US federal law enforcement had also been alerted.
“Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement,” Huntley wrote in a Tweet on June 4.
What we know about the attackers
According to Huntley, who followed up on the reports in a subsequent Tweet later that day, the nation state hackers involved had been identified as APT31 from China and APT35 from Iran. As their categorization suggests, both groups are well known to cybersecurity professionals specializing in nation state hackers and are believed to have targeted government officials in the past.
APT35, for example, also known as the ‘Newscaster Team’, has been known since as early as 2014, according to a database gathered by German risk firm Fraunhofer FKIE. Backed by the Iranian regime, the group is known to launch “long term, resource-intensive operations” in order to collect strategic intelligence, particularly from targets in the US.
APT31, on the other hand, is linked to the Chinese government and specializes in carrying out intellectual property theft in order to help specific Chinese industries gain a competitive advantage, says Fraunhofer.
Presidential campaigns respond
The presidential campaigns of both Donald Trump and Joe Biden have responded to the separate incidents, but neither campaign provided significant detail about the impact of the incidents or about whether they had stepped up cybersecurity readiness in light of the events.
According to a spokesperson for the Biden campaign, who spoke to the news website TechCrunch, campaign staffers were indeed targeted by foreign nation state hackers and, as a result, the campaign will remain heedful going forward.
“We are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff,” the spokesperson said. “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them. Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign’s assets are secured.”
The Trump campaign similarly confirmed to the online publisher that “foreign actors unsuccessfully attempted to breach the technology of our staff,” but stopped short of providing any further details. The Trump campaign likewise confirmed to ZDNet on the same day that, while they had been aware of the attacks, they nevertheless declined to “discuss any of our precautions”.
Google warns of nation state hackers
Shane Huntley went on to express his concern over the rise of phishing attacks across the board, laying out the rationale for Google’s improvements in email security and offering advice to users in order to better protect themselves from such attacks.
In a security blog post linked from his Tweet, Huntley went even further, adding that aside from phishing attacks, a “small minority of users in all corners of the world” have recently suffered from attacks by “sophisticated government-backed attackers” originating from “dozens” of countries.
Google urged its users to pay close attention should they receive a warning from Google TAG directly, adding that such exchanges could potentially be high stakes if nation state hackers are involved. “We hope you never receive this type of warning, but if you do, please take action right away to enhance the security of your accounts,” Huntley wrote.
As far as preparedness goes, Google TAG recommends that all users enable multi-factor authentication in order to add a layer of protection, especially if they are working on a presidential campaign. “If you are working on a campaign this election cycle, your personal accounts may be targeted. Use the best protection you can. Two factor authentication or Advanced Protection really can make a difference,” Huntley advised.