Critical Infrastructure Security, Phishing, Threat Intelligence

Trump campaign said senior staffer hacked by Iran-backed APT

Share

Former president Donald Trump’s campaign reported Saturday Iran-based hackers compromised a senior staffer’s email account and stole a 271-page vetting dossier for JD Vance dated Feb. 23. Trump campaign representatives cited a Friday Microsoft report warning Iran had stepped up efforts to manipulate this year’s U.S. presidential election.

“These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process,” said Steven Cheung, a Trump campaign spokesperson in a statement.

The contents of the documents reportedly included “internal communications from a senior Trump campaign official,” according to a report by Politico, which received copies of the stolen documents by a hacker with the moniker “Robert”

Hacked documents

Hacked documents shared with Politico and other media outlets were confirmed with the Trump campaign as authentic. The news agency said the hacker Robert, using an AOL account, first began sending stolen documents to the media outlet on July 22.

The hacker claimed it had additional stolen data that included a “variety of documents from [Trump’s] legal and court documents to internal campaign discussions,” according to Politico.

The Microsoft report cited by Trump campaign officials, titled “Iran Targeting 2024 US Election (PDF)”, stated that foreign agents had stepped up efforts to influence the 2024 U.S. election in the past six months. Those efforts “started off slowly but has steadily picked up pace over the last six months due initially to Russian operations, but more recently from Iranian activity,” Microsoft wrote.  

Microsoft said it observed in June that the advanced persistent threat group Mint Sandstorm (believed to be associated with Iran's Islamic Revolutionary Guard Corps intelligence unit) “sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.”

“The phishing email contained a fake forward with a hyperlink that directs traffic through an actor-controlled domain before redirecting to the listed domain. Mint Sandstorm similarly targeted a presidential campaign in May and June 2020 five to six months ahead of the last US presidential election,” Microsoft wrote.

Microsoft has declined to make any link to its recent report and the Trump campaign's reported election campaign hack.

U.S. elections in the hacker crosshairs

Justin Endres, CRO at cybersecurity firm Seclore said the recent incident demonstrates continued efforts by nation-states to disrupt the U.S. elections dating back to 2016.

“To date, the examples of insider threat activity related to the election process have been primarily domestic in nature, both in terms of the actor and the motivations. However, since at least 2016, a growing number of foreign adversaries have continued to monitor election networks and attempted to influence or interfere in U.S. elections,” Endres said.

Private security analyst Chris Krebs, chief intelligence officer with SentinelOne and former head of CISA during the Trump administration, told CBS News Sunday that Iran and other foreign adversaries were looking to repeat the 2016 Russian playbook of election interference with the goal of “stoking the fires among society.”

Microsoft put it more bluntly in its Friday report stating: “Iranian actors will employ cyberattacks against institutions and candidates while simultaneously intensifying their efforts to amplify existing divisive issues within the US, like racial tensions, economic disparities, and gender-related issues. Here’s what we’ve seen thus far in 2024 from Iranian actors with respect to the upcoming US election.”

Tom Spring, Editorial Director

Tom Spring is Editorial Director for SC Media and is based in Boston, MA. For two decades he has worked at national publications in the leadership roles of publisher at Threatpost, executive news editor PCWorld/Macworld and technical editor at CRN. He is a seasoned cybersecurity reporter, editor and storyteller that aims always for truth and clarity.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.