USNational Security

Iran Is Hacking US Officials and Political Campaigns: Security Advisory

The warning by multiple agencies comes amid Iran’s ongoing cyber operations aimed at interfering with U.S. elections.
Save
Iran Is Hacking US Officials and Political Campaigns: Security Advisory
Iranian soldiers march past Iranian President Ebrahim Raisi during a military parade as part of a ceremony marking the country’s annual army day, in Tehran, Iran, on April 17, 2024. Atta Kenare/AFP/Getty Images
Naveen Athrappully
Updated:

Iran is engaging in “malicious cyber activity” against key American individuals such as government officials and those involved in political campaigns, according to a joint cybersecurity advisory issued by multiple U.S. agencies and a UK agency.

The hackers, who seek access to personal or business accounts, are working on behalf of Tehran’s Islamic Revolutionary Guard Corps (IRGC), the Sept. 27 advisory said.
The IRGC was founded in 1979 to defend the country’s Islamic Revolution and is known to fund militant groups in Iraq, Palestinian territories, Syria, Lebanon, Yemen, and Afghanistan. The cyber threats are directed against individuals with a “nexus to Iranian and Middle Eastern affairs,” the advisory noted. This includes current and former senior government officials, activists, lobbyists, journalists, and think tank personnel.

The FBI has also observed these threat actors targeting people associated with U.S. political campaigns.

“The cyber actors working on behalf of the IRGC gain access to victims’ personal and business accounts using social engineering techniques, often impersonating professional contacts on email or messaging platforms,” the advisory said.

“In addition, these actors might attempt to impersonate known email service providers to solicit sensitive user security information on email or messaging platforms.”

Related Stories
China-Backed Group Hacked Over 9,000 Devices in Canada as Part of Global Operation, FBI Says
9/29/2024
China-Backed Group Hacked Over 9,000 Devices in Canada as Part of Global Operation, FBI Says
DOJ Charges Iranians Over Hack of Presidential Campaign
9/27/2024
DOJ Charges Iranians Over Hack of Presidential Campaign

The joint advisory was issued by the FBI, the U.S. Cyber Command-Cyber National Mission Force, the U.S. Treasury Department, and the UK’s National Cyber Security Centre.

The hackers could impersonate individuals known to victims, portraying them as associates or family members. Victims may receive interview requests from accounts of well-known journalists, invitations to embassy events or conferences, and speaking engagement requests.

“The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials,” the advisory said.

The victims may be prompted to input two-factor authentication codes, asked to send the codes via a messaging app, or interact with phone notifications so that cyber actors gain access to their accounts.

“Victims sometimes gain access to the document but may receive a login error,” the advisory said.

The warning was issued just days after U.S. prosecutors charged three Iranians for allegedly hacking a U.S. presidential campaign. Court documents obtained by The Epoch Times show that the individuals worked with the IRGC. The documents do not identify which presidential campaign was targeted.
Earlier this month, the FBI revealed that Iran-based hackers targeted former President Donald Trump’s 2024 presidential campaign. The hackers also allegedly tried to deliver stolen information to the Biden campaign.
On Sept. 27, the U.S. Treasury sanctioned seven Iranian regime agents for attempting to interfere in the 2024 and 2020 presidential elections. The individuals attempted to “undermine confidence in the United States’ election processes and institutions,” the department said.

Iranian Hacking Threat

In August, multiple U.S. agencies issued a warning that cyber actors from Iran were looking to exploit U.S. and foreign organizations, targeting sectors such as education, health care, finance, and defense.

The FBI assessed that these groups’ activities against U.S. entities were aimed at eventually engaging in ransomware operations.

Earlier in April, the U.S. Treasury Department’s Office of Foreign Assets Control sanctioned four individuals and two companies found to be involved in “malicious” cyber activity on behalf of the IRGC Cyber Electronic Command.

Using malware and phishing attacks, the threat actors tried to hack into more than two dozen U.S. companies and government entities.

“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said at the time.

“The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks’ operations.”

In February, the U.S. Department of Justice charged an Iranian national for carrying out a “multi-year hacking campaign” that targeted U.S. defense contractors and private sector companies. The defendant allegedly carried out the attacks while employed at an Iranian company that offered cybersecurity services.

More than a dozen U.S. companies and the Treasury and State departments were targeted. In one incident, the defendant and co-conspirators compromised more than 200,000 employee accounts.

The group used social engineering tactics as part of its attacks, including impersonating other people to secure the confidence of the victims.

Zachary Stieber contributed to this report.
Naveen Athrappully
Naveen Athrappully
Author
Naveen Athrappully is a news reporter covering business and world events at The Epoch Times.