State-sponsored hackers from China and Iran are trying to infiltrate the campaigns of Joe Biden and President Trump, according to Google.
Hackers have been trying to trick campaign staffers with phishing scams, says Shane Huntley, director of Google’s threat analysis group. A suspected Chinese hacking group, known as APT 31 or “Zirconium,” is targeting Biden’s campaign; a separate group likely based in Iran, known as APT 35 or “Charming Kitten,” is trying to hack into the Trump campaign.
Fortunately, the phishing attempts failed. “No sign of compromise,” Huntley said in a tweet. “We sent users our govt attack warning and we referred to fed law enforcement.”
Google refrained from releasing more details about the phishing attacks. But in a statement, it said the intrusion attempts were “recent,” and tried to hijack the personal email accounts belonging to both the Biden and Trump campaign staffers.
“We sent the targeted users our standard government-backed attack warning and we referred this information to federal law enforcement,” the company added. “We encourage campaign staff to use extra protection for their work and personal emails, and we offer security resources such as our Advanced Protection Program and free security keys for qualifying campaigns.”
Google has stepped up its effort to protect users after suspected Russian hackers broke into a Gmail account belonging to John Podesta, chairman of Hillary Clinton’s campaign. Podesta received a fake email claiming to be from Google about a hijacking attempt, which managed to fool a staffer into submitting the login credentials for the Gmail account into a dummy login page.
In return, the hackers were able to loot and then leak Podesta’s emails during the campaign. Other phishing attacks can involve sending emails that contain a link or attachment to download malware, which can then secretly take over a computer.
The China-based APT 31 is known to go after intellectual property. Meanwhile, APT 35 was recently found trying to pose as journalists through fake emails. The intended goal has been to trick victims into visiting fake login pages that can secretly capture their passwords.
The Biden campaign told PCMag it was not surprised by the intrusion attempts. “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them. Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign’s assets are secured,” the campaign said in a statement.
The Trump campaign did not immediately respond to a request for comment.