Google Threat Analysis Group researchers warn that Chinese and Iranian hackers are targeting campaign staffers for both President Donald Trump and Presidential candidate Joe Biden with phishing emails.
Shane Huntley, director for Google’s Threat Analysis Group, said in a tweet that Chinese and Iranian advanced persistent threat (APT) groups recently targeted the campaigns using malicious phishing emails. But, Huntley said, there are “no signs of compromise,” and that both campaigns and law enforcement were alerted to the attempts.
In a follow-up tweet, Huntley confirmed that the hackers were identified as China’s APT31 and Iran’s APT35.
Chris Hazelton, Director of Security Solutions at Lookout, says, “Phishing is often the first step in any cybersecurity attack. Mobile phishing has increased as an approach of malicious actors to steal user credentials by tricking users into entering those credentials into fake cloud services portals used by political campaigns. There has been a significant increase in mobile phishing attacks among political campaigns that are using Lookout. Mobile phishing encounter rates on iOS and Android have increased 45 percent from 4Q2019 to 1Q2020 by political campaign users protected by Lookout.”
Charles Ragland, Security Engineer at Digital Shadows, notes that APT groups targeting political campaigns is nothing new. “These groups may be looking to use information that they obtain to sow discord in the country of the ongoing campaign. They may also use it for more traditional intelligence collection to inform other actions. As more and more communication is done online, this trend is likely to continue,” Ragland says.