State-backed hackers from China have been targeting the email accounts of campaign staff of US presidential candidate Joe Biden in hopes of stealing confidential information relating to the presidential election, Google revealed on Thursday.
The tech giant also confirmed previous reports that Iranian hackers had targeted President Trump's campaign, underscoring the continued threat from foreign hackers in the 2020 election.
Shane Huntley, the head of Google's Threat Analysis Group (TAG), said in a tweet that TAG had observed the China-backed APT31 group making phishing attempts against the email accounts of Biden campaign staff, although the group was not successful in its attempts.
Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement. https://t.co/ozlRL4SwhG — Shane Huntley (@ShaneHuntley) June 4, 2020
Matt Hill, deputy national press secretary for the Biden campaign, said that the campaign staff was aware that hackers would attempt to target them.
"We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them," Hill stated.
"Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign's assets are secured."
APT31, also known as Zirconium or Hurricane Panda, has been active since 2016 and has a history of targeting overseas firms to steal trade secrets from them.
According to Huntley, Google notified all targeted users after detecting the hacking attempts, and also reported the incidents to federal law enforcement agencies.
He also revealed that Trump's campaign staff was targeted by the Iran-backed APT35 group.
This particular revelation is not very surprising as Microsoft disclosed last year that Iranian hackers had made over 2,700 attempts to identify the email accounts of US government officials, journalists, and accounts linked with American presidential campaigns.
While Microsoft refrained from naming the campaign at that time, Reuters and the New York Times identified the target as Trump's re-election campaign.
Campaign spokesman Tim Murtaugh said last year that there was no evidence to suggest that any campaign infrastructure was compromised.
APT35, also known as Newscaster, Charming Kitten, Phosphorus and NewsBeef, is an Iran-backed cyber-espionage group, which has typically targeted the US military, media houses, diplomatic personnel, defence organisations, and the telecoms sector. Last year, the group was observed adding new impersonation vectors to its repertoire in efforts to steal sensitive information from potential victims.
In 2018, threat intelligence specialists had also warned that Iran was developing a sophisticated 'hierarchy of hackers' and was gearing up to launch a new wave of cyberattacks against Western government organisations and businesses.