Google Reports Iranian Cyber Attacks on US Political Figures

New York: Google has confirmed that an Iranian group linked to the country's Revolutionary Guard has attempted to access the personal email accounts of several individuals associated with President Joe Biden, former President Donald Trump, and Vice President Kamala Harris since May. The tech company's Threat Analysis Group revealed that this group, still active, has targeted current and former government officials as well as presidential campaign affiliates.

This report builds on a similar finding by Microsoft, which disclosed suspected Iranian cyber intrusions affecting the US presidential election. Google identified a pattern of email credential phishing attacks—where attackers pose as trusted senders to obtain login details.

John Hultquist, Google’s chief analyst for threat intelligence, explained that the company alerts potential victims with Gmail popups warning of possible government-backed attempts to steal passwords. The Iranian group, identified as APT42 by Google and Mint Sandstorm by Microsoft, has previously targeted both Biden and Trump campaigns.

The report also mentioned that the group has been involved in broader cyber espionage activities, particularly in the Middle East. Recent escalations include phishing campaigns aimed at Israeli diplomats and military affiliates amid the ongoing Israel-Hamas conflict.

While Trump’s campaign has claimed that it was hacked and sensitive documents were stolen, and Politico has received such documents, it remains unclear if they are directly related to the Iranian cyber activity. The Trump campaign has not provided specific evidence linking Iran to these breaches.

The FBI is investigating these intrusions, and although Harris’ campaign has not confirmed any state-based attacks, it continues to monitor cyber threats closely. Iran’s mission to the UN has denied involvement, stating that it does not engage in activities aimed at interfering with the US presidential election.