Illustration by Alex Castro / The Verge
Foreign hackers targeted the personal email accounts of staffers on the presidential campaigns of Democratic primary candidate Joe Biden and President Donald Trump, Reuters reported. It appears that state-backed hackers from China tried to target staffers on the Biden campaign, while Iranian hackers targeted the email accounts of Trump campaign staff.
Shane Huntley, the head of Google’s Threat Analysis Group, tweeted that the hackers had made phishing attempts on campaign staffers’ emails, but there had been “no sign of compromise.”
Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement. https://t.co/ozlRL4SwhG
— Shane Huntley (@ShaneHuntley) June 4, 2020
A Google spokesperson told The Verge the company had not seen evidence that any of the attempted attacks had been successful and that it had sent the information to federal law enforcement officials. “We encourage campaign staff to use extra protection for their work and personal emails, and we offer security resources such as our Advanced Protection Program and free security keys for qualifying campaigns,” the spokesperson said.
Matt Hill, deputy national press secretary for the Biden campaign, says the campaign was aware of the phishing attempt and had been braced for something like this to happen. “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them,” Hill told The Verge in an email, adding that the campaign takes cybersecurity seriously and “will remain vigilant against these threats.”
The Trump campaign did not immediately respond to a request for comment. This apparently wasn’t the first instance of Iranian hackers trying to access Trump campaign emails. Last year, Microsoft said an Iranian group — known alternately as Phosphorous, APT 35, or Charming Kitten — unsuccessfully tried to get into a presidential campaign’s emails. Reuters later identified the campaign in question as Trump’s.
Email hacking is a particularly fraught issue for US political campaigns after Russian hackers successfully phished the Democratic National Committee in 2016, exposing thousands of emails.