Google: Biden and Trump campaigns targeted by separate spearphishing campaigns

Written by

Hackers linked with China and Iran have been sending malicious spearphishing emails to staff on Joe Biden and President Donald Trump’s campaigns respectively, according to a researcher with Google’s Threat Analysis Group.

Chinese government-linked hackers have been targeting Biden’s staffers, whereas Iranian government-linked hackers have been targeting Trump’s campaign, according to Shane Huntley, the Director of Google’s Threat Analysis Group.

There is no evidence that the hacking attempts have resulted in compromises, Huntley said.

This is just the latest warning from security researchers and the U.S. intelligence community that foreign government-backed hackers are interested in targeting various U.S. presidential campaigns during the 2020 election cycle, in what is turning out to be a tumultuous year for American citizens amid economic turmoil, the coronavirus pandemic, and mass protests about racism.

“We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them,” the Biden campaign said in a statement on the spearphishing.

The Biden campaign is being targeted by a group known as APT31 or Zirconium, a cyber-espionage group that has been known to target telecommunications and technology companies, according to CrowdStrike.

In the past 45 days, the hacking group has been “very very busy,” according to one Microsoft Threat Intelligence Center analyst.

The Iranian actors targeting Trump’s re-election campaign are known as APT35 or Charming Kitten. That group has targeted accounts associated with the Trump campaign in the past, according to Reuters. Historically, Charming Kitten has been known to target energy, government, and technology sectors, according to MITRE.

In recent months, the group has also targeted cybersecurity researchers that investigate their intrusions, and has previously focused on others with an interest in Iran, such as journalists and activists. Charming Kitten has also been known to go after businesses and government agencies.

In past intrusions, the Chinese actors have continued attacking targets even after remediation, according to CrowdStrike.

“The determination of this China-based adversary is truly impressive: they are like a dog with a bone,” Dmitri Alperovitch, co-founder of CrowdStrike, wrote in a 2015 analysis of the group.

It wasn’t clear what the Chinese actors were after in Biden’s campaign, but in previous campaigns Hurricane Panda has moved laterally once inside victim networks and stolen credentials.

Google has referred the targeting to law enforcement, Huntley said.

The Trump campaign did not return requests for comment.