The Iranian-backed hacking group APT42 has stepped up its phishing campaigns against high-profile targets in Israel and the United States over the past six months. APT42, which is linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), consistently targets current and former government officials, political campaigns, diplomats, and individuals working at think tanks and NGOs. Israel and the U.S. accounted for about 60% of APT42’s known geographic targeting between February and late July 2024.

Iran, not Russia, is proving to be the biggest nation-state threat to the U.S. presidential election in November. https://t.co/sTfRDFzqit
— Mark Dubowitz (@mdubowitz) August 19, 2024

The group intensely targeted users in Israel, particularly in April, focusing on individuals connected to the Israeli military, defense sector, diplomats, academics, and NGOs. APT42 employs a range of tactics to carry out its campaigns, including hosting malware and phishing pages on services like Google Drive, Gmail, Dropbox, and OneDrive. Steps have been taken to disrupt its activities, such as resetting compromised accounts and adding malicious domains to the Safe Browsing blocklist.

Check out this story from USA TODAY: Hackers from Iran and Russia compete to sink, boost Donald Trump
— Josh Meyer (@JoshMeyerDC) August 18, 2024
Iran has emerged as the first hostile nation to hack a presidential candidate whose campaign is being boosted by another US adversary, experts say https://t.co/diAa2Xcliw

During the current U.S. presidential election cycle, APT42 has targeted personal email accounts of individuals affiliated with both President Biden and former President Trump, including government officials and campaign associates.

“As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from APT42.” https://t.co/1OXBEUIUEn
— Lindsey O'Donnell Welch (@LindseyOD123) August 19, 2024