Based on a report by Microsoft, the Trump campaign is claiming that foreign state-backed hackers are behind the attack that involved a leak of a vice presidential vetting dossier and other materials to US media outlets. This contention is supported by the FBI’s public acknowledgement that it has been investigating attempts by Iran on both the Trump and Democrat candidate campaigns since at least June, though it has not yet attributed this particular incident to a state-backed group.
FBI investigation, Microsoft security report points to Iranian election interference
The FBI disclosed on August 12 that it has been investigating hacking attempts on both the Harris and Trump campaigns throughout the summer, with attempts on the former starting when incumbent Joe Biden was still the presumptive nominee. The agency says that members of the Biden-Harris campaign received three spearphishing emails in June that appeared to originate from an Iranian group, but none were successful in breaching their targets.
The FBI has not clearly attributed the breach of the Trump campaign to Iran, but did confirm it is running a more broad investigation into attempts by suspected Iranian hackers. The campaign confirmed the breach on August 10, after an individual calling themselves “Robert” and using an AOL email account approached the Washington Post, New York Times and Politico offering stolen documents. The Trump team did not initially alert the FBI and kept the incident under wraps for several days, citing distrust of the agency.
Part of the Iranian hacking campaign appears to have been the compromise of two personal email accounts belonging to author and political strategist Roger Stone, a personal friend of Trump and former advisor during prior election cycles. Stone confirmed that his personal accounts were breached and used to send phishing emails to Trump campaign members, something that he said the FBI investigation attributed to Iran.
The evidence for Iran’s involvement is bolstered by a recent report from Microsoft’s security team warning that it had identified attempts from the country on the email account of a high-ranking member of the Trump campaign in June. Microsoft did not disclose whether or not the attempt was successful.
Iran has been accused by US intelligence officials of prior attempts at election interference, specifically intervening in 2020 to harm the Trump campaign and cause general societal disturbance. Iran has tended to favor the Democrat candidates in recent elections given Trump’s hardline approach to dealings with the country, which included the early 2020 assassination of high-ranking general Qasem Soleimani in response to a series of rocket attacks on US forces stationed in Iraq.
Iran has escalated to attempts on the lives of politicians since the Soleimani incident. In 2022, a member of the country’s military was arrested as part of an alleged scheme to assassinate Trump national security advisor John Bolton. A Pakistani man who may have ties to Iran was also arrested in Brooklyn just ahead of the unrelated attempt on Trump’s life on July 13, after he had contacted FBI agents posing as killers for hire.
Revenge is not the only thing on the minds of the Iranians, as a potential military conflict with Israel looms. Trump has expressed strong and consistent support for Israel and for providing it with continued military aid, suggesting a greatly increased likelihood of significant US involvement should a major conflict break out.
Media has chosen to withhold Trump campaign documents
The Washington Post confirmed that the Trump campaign hacker passed it a 271-page dossier created as part of the vetting process of eventual Vice Presidential candidate J.D. Vance. Media sources have thus far opted not to make the contents of these documents public and have limited reporting on them, citing a likely attempt at election interference and questionable newsworthiness of the contents. A Washington Post editor said that the Vance dossier was mostly a collection of previously known public statements and was not particularly of interest. “Robert” has refused to elaborate on how they obtained the documents, and Iran has disavowed any involvement through its United Nations contact.
Microsoft believes the Iranian group involved is “Mint Sandstorm,” also sometimes called “Phosphorous” or “Charming Kitten.” This is an established APT group long known for espionage and targeting of Iranian dissidents, and was active in a major campaign in early 2024 targeting universities and research organizations in the Middle East.
In terms of foreign cyber threats, the 2024 election season has thus far appeared to be notably quieter than the 2016 and 2020 campaigns as the major players (Russia and China) seem to be putting in less effort at interference than usual.
But Aleksandr Yampolskiy, CEO of SecurityScorecard, cautions that these campaigns often ramp up as the election date draws closer: “Foreign state actors and adversaries will inevitably try to infiltrate political campaigns. Therefore, adopting a resilience – instead of robustness – mindset is essential. Assume that an attacker will sooner or later break into your campaign’s infrastructure, but make it difficult for hackers to extract valuable information. One effective tactic is using “decoy documents” to trigger alerts when an unauthorized user accesses them or to confuse hackers by blending decoys with real data.”
“Securing the IT infrastructure of state governments is crucial for maintaining election integrity, especially in battleground states. Unfortunately, public sector systems are often complex and slow to secure. Attackers only need one weak spot to exploit, while defenders must secure every potential vulnerability. Many attacks rely on sophisticated phishing emails or deepfake audio and video to trick campaign staff into divulging sensitive information or infecting their computers. As the saying goes, ‘What you can’t measure, you can’t improve.’ It’s vital for the public sector to use security KPIs to measure and manage risk effectively,” added Yampolskiy.
Max Gannon, Cyber Intelligence Team Manager at Cofense, adds: “Government targets always need to be well protected, but around election time security becomes even more important as threat actors often target them more than usual. This is particularly a problem for smaller county-level government employees who may not have the resources or training that members of larger political campaigns often do. While compromising a target like a local government employee may not seem like a threat to large-scale political campaigns, it gives threat actors access to a verified .gov email account which can enable them to produce significantly more effective spear phishing emails when they attack their primary targets. The tactic of using a hyperlink to direct traffic to a threat actor-controlled domain that steals credentials and then redirects to the legitimate website is not new but it is a tactic that is far more effective than simply ending the attack chain with a 404 like threat actors used to do.”
For its own part, the Trump campaign has said that it has brought on outside cybersecurity consultants to implement additional security measures. It has also provided new training to staff regarding handling of sensitive documents and information as well as the likelihood of phishing attempts by foreign adversaries.

