The FBI is looking into both attacks on the Democrat and Republican hopefuls, while Iran doubles down on cyber influence operations.
Both Kamala Harris’ and Donald Trump’s election campaigns have been targeted by hackers, with the US FBI contacting both campaigns over attempts to steal sensitive data.
The incidents appear to be spear-phishing campaigns, with three Biden-Harris campaign staff targeted, as well as one-time Trump adviser Roger Stone, according to an anonymous source who spoke with NBC News.
The Harris campaign denied that the alleged hack was successful, however.
“We have robust cyber security measures in place and are not aware of any security breaches of our systems resulting from those efforts,” a campaign spokesperson told NBC News.
That said, multiple US media outlets were sent what appeared to be legitimate files from the Trump campaign, apparently stolen during a cyber intrusion. Roger Stone has also responded to the hacking claims.
“I was informed by the authorities that a couple of my personal email accounts have been compromised,” Stone told The Washington Post.
“I really don’t know more about it. And I’m cooperating. It’s all very strange.”
The FBI believes the source of the hacking is Iran, according to other sources close to US media, while the Trump campaign has also pointed the finger at the Middle Eastern nation, using a report released last week into Iranian election interference as proof.
What is Iran actually doing?
Microsoft’s Threat Analysis Center released a report last week titled “Iran steps into US election 2024 with cyber-enabled influence operations”, and it pretty much lays out what the country is doing in some detail, though it doesn’t mention party affiliations or specific victims/targets.
“Over the past several months, we have seen the emergence of significant influence activity by Iranian actors. Iranian cyber-enabled influence operations have been a consistent feature of at least the last three US election cycles,” Microsoft said in its 9 August report.
“Iran’s operations have been notable and distinguishable from Russian campaigns for appearing later in the election season and employing cyber attacks more geared toward election conduct than swaying voters. Recent activity suggests the Iranian regime – along with the Kremlin – may be equally engaged in election 2024.”
The Iranian campaigns – which the nation has strenuously denied – began in June 2024 and were led by four distinct threat actors.
Influence actor Sefid Flood began its staging in March 2024 for its US election operations. This group focuses on impersonating activist groups in an attempt to “sow doubt about election integrity”, while it may also branch out to inciting violence and intimidating political figures.
Another group is thought to be run directly by Iran’s Islamic Revolutionary Guard Corps. Microsoft accused Mint Sandstorm of targeting a “high-ranking official of a presidential campaign” via a phishing email from a compromised email account. This may be the Roger Stone incident mentioned above.
Mint Sandstorm was also observed targeting a “former presidential candidate” in June, which likely refers to Donald Trump. The threat actor attempted to log into the former candidate’s email account.
“Mint Sandstorm’s target selection and timing – days prior to phishing an active presidential campaign and months ahead of the election – suggest their attempted authentication may also be election-related.”
Mint Sandstorm is known to target senior officials in order to gather general intelligence, so it’s impossible to know for sure if this incident is purely related to the 2024 US election.
Another IRGC-linked threat actor, Peach Sandstorm – these are all of Microsoft’s nomenclature – targeted an individual user account at the local government level, this time in a swing state possibly vital to the election.
“The compromise was part of a broader password spray operation from the group, and Microsoft Threat Intelligence did not observe any lateral movement or privilege escalation, making it difficult to determine whether it was election-related,” Microsoft said.
“While unclear if related, it is worth noting that the targeted county had undergone a race-related controversy that made national news this year.”
Lastly, the Storm-2035 network of websites has been targeting voters on both sides of the aisle, attempting to polarise voters on a raft of issues, from LGBTI rights to the Gaza conflict. The sites make extensive use of legitimate content altered by AI. AI also seems to be used to generate keywords and titles, as well as boost SEO.
According to Microsoft, both Chinese and Russian threat actors are also engaging in election interference operations.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.