State-sponsored threat groups targeted email accounts of Trump and Biden campaign staff: Google

Biden campaign members says they are prepared for such attacks and were expecting them

State-backed hackers from China have been targeting the email accounts of campaign staffs of the US presidential candidate Joe Biden in hopes of stealing confidential information relating to the presidential election, Google revealed on Thursday.

The tech giant also confirmed previous reports that Iranian hackers had targeted President Trump's campaign, underscoring continued threat from foreign hackers in the 2020 election.

Shane Huntley, the head of Google's Threat Analysis Group (TAG), said in a tweet that they have observed China-backed APT31 group making phishing attempts on emails of Biden campaign staff, although the group was not successful in its attempts.

https://twitter.com/ShaneHuntley/status/1268589219842109440?ref\\_src=twsrc%5Etfw

Matt Hill, deputy national press secretary for the Biden campaign, said that the campaign staff was aware that hackers would attempt to target them.

"We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them," Hill stated.

"Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign's assets are secured."

APT31, also known as Zirconium or Hurricane Panda has been active since 2016, and has a history of targeting overseas firms to steal trade secrets from them.

According to Huntley, Google notified all targeted users after detecting hacking attempts, and also reported the incidents to the federal law enforcement agencies.

He also revealed that the Trump's campaign staff was targeted by the Iran-backed APT35 group.

This particular revelation is not very surprising as Microsoft disclosed last year that Iranian hackers had made over 2,700 attempts to identify the email accounts of US government officials, journalists, and accounts linked with American presidential campaigns.

While Microsoft refrained from naming the campaign at that time, Reuters and the New York Times identified the target as Trump's re-election campaign.

Campaign spokesman Tim Murtaugh said last year that there was no evidence to suggest that any campaign infrastructure was compromised.

APT35, also known as Newscaster, Charming Kitten, Phosphorus and NewsBeef, is an Iran-backed cyber-espionage group, which has typically targeted the US military, media houses, diplomatic personnel, defence organisations, and the telecoms sector. Last year, the group was observed adding new impersonation vectors to its repertoire in efforts to steal sensitive information from potential victims.

In 2018, threat intelligence specialists had also warned that Iran was developing a sophisticated 'hierarchy of hackers' and was gearing up to launch a new wave of cyberattacks against Western government organisations and businesses.