US Intelligence Blames Iran for Hack on Trump Campaign

The FBI confirmed that Iran was behind a cyberattack against an adviser to former President Donald Trump, itself part of a larger set of attacks against 2024 US presidential campaigns, as the Iranian government attempts to disrupt the upcoming US elections.

Longtime Trump adviser Roger Stone reported about a week ago that his email had been hacked, with attackers infilitrating his account and impersonating him to target Trump's overall presidential campaign. In a joint statement, several federal intelligence agencies attributed these "recently reported activities to compromise former President Trump's campaign" to "increasingly aggressive Iranian activity during this election cycle."

The intelligence community "is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the presidential campaigns of both political parties," according to the statement published yesterday by the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA). "Such activity, including thefts and disclosures, are intended to influence the US election process."

The confirmation of Iran's involvement in attempts to disrupt the 2024 US presidential election is not surprising given that security researchers at Microsoft and Google already had discovered and reported it separately. On Aug. 9, Microsoft revealed that Iran-backed Charming Kitten/APT42 group, which is connected to the Islamic Revolutionary Guard Corps (IRGC), used the hacked email account of a former senior advisor to send malicious phishing emails to a high-ranking official in a presidential campaign, among other threat activity by the group.

Google's Threat Analysis Group (TAG) followed up that report up last week, claiming that Charming Kitten was behind attempts to log in to personal email accounts of about a dozen individuals affiliated with not only Trump but also President Biden and Vice President and presidential candidate Kamala Harris. The researchers did not name the officials targeted by activity, but said they included current and former US government officials as well as individuals associated with the respective campaigns.

Further Election Interference by Iran Likely

This year's elections are perceived by Iran "to be be particularly consequential in terms of the impact they could have on its national security interests, increasing Tehran's inclination to try to shape the outcome." That means there will be continued efforts by Iran-backed threat groups like Charming Kitten and others to disrupt the elections.

Russia-backed attacks on the presidential campaigns in 2016 that some believe led to Trump's victory are still fresh in the minds of federal officials, who want to avoid letting foreign entities have a say in US elections if they can help it. "Iran and Russia have employed these tactics not only in the United States during this and prior federal election cycles but also in other countries around the world," officials said in their statement.

Security experts have been warning for some time that cybercriminals would widely target the 2024 US elections, with technologies such as artificial intelligence, among others, making it easier for them to do so. There is, however, evidence to suggest that both campaigns are better prepared in 2024 to defend against such attacks than they were in previous elections.

Lest campaign officials and other election stakeholders forget, intelligence agencies reminded them in their statement that Iran's "increased intent to exploit our online platforms in support of their objectives" also means that they collectively "need to increase the resilience of those platforms."

Suggested methods of defense include using strong passwords and only official email accounts for official business; updating software regularly; avoid clicking on links or opening attachments from suspicious emails before confirming their authenticity with the sender; and using multifactor authentication.