Iran Is Hacking US Officials and Political Campaigns: Security Advisory

The warning by multiple agencies comes amid Iran’s ongoing cyberoperations aimed at interfering with U.S. elections.
Iranian soldiers march past Iranian President Ebrahim Raisi during a military parade as part of a ceremony marking the country’s annual Army Day, in Tehran, Iran, on April 17, 2024. Atta Kenare/AFP/Getty Images
Naveen Athrappully

Iran is engaging in “malicious cyber activity” against key United States individuals including government officials and people involved in political campaigns, according to a joint cybersecurity advisory issued by multiple U.S. agencies and a UK agency.

The hackers, who seek access to personal or business accounts, are working on behalf of Tehran’s Islamic Revolutionary Guard Corps (IRGC), the Sept. 27 advisory states.
The IRGC was founded in 1979 to defend the country’s Islamic revolution and is known to fund militant groups in Iraq, the Palestinian territories, Syria, Lebanon, Yemen, and Afghanistan. The cyberattacks are directed against individuals with a “nexus to Iranian and Middle Eastern affairs,” the advisory notes. These include current and former senior government officials, activists, lobbyists, journalists, and think tank personnel.

The FBI has also observed these threat actors targeting people associated with U.S. political campaigns.

“The cyber actors working on behalf of the IRGC gain access to victims’ personal and business accounts using social engineering techniques, often impersonating professional contacts on email or messaging platforms,” the advisory states.

“In addition, these actors might attempt to impersonate known email service providers to solicit sensitive user security information on email or messaging platforms.”

The joint advisory was issued by the FBI, the U.S. Cyber Command-Cyber National Mission Force, the U.S. Treasury Department, and the UK’s National Cyber Security Centre.

The hackers could also impersonate individuals known to victims, portraying themselves as associates or family members. Victims may receive interview requests from accounts of well-known journalists, invitations to embassy events or conferences, and speaking engagement requests.

“The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials,” the advisory states.

Victims may then be prompted to enter two-factor authentication codes, to send those codes via a messaging app, or to approve phone notifications, giving the cyber actors access to their accounts.

“Victims sometimes gain access to the document but may receive a login error,” the advisory states.

The warning was issued just days after U.S. prosecutors charged three Iranians for allegedly hacking a U.S. presidential campaign. Court documents obtained by The Epoch Times show that the individuals who were charged worked with the IRGC. The documents do not identify which presidential campaign was targeted.

Earlier this month, the FBI revealed that Iran-based hackers targeted former President Donald Trump’s 2024 presidential campaign. The hackers also allegedly tried to deliver stolen information to the Biden campaign.

On Sept. 27, the U.S. Treasury sanctioned seven Iranian regime agents for attempting to interfere in the 2024 and 2020 presidential elections. The individuals attempted to “undermine confidence in the United States’ election processes and institutions,” the department said.

Iranian Hacking Threat

In August, multiple U.S. agencies issued a warning that cyber actors from Iran were looking to exploit U.S. and foreign organizations, targeting sectors such as education, health care, finance, and defense.

The FBI assessed that these groups’ activities against U.S. entities were aimed at eventually engaging in ransomware operations.

Earlier in April, the U.S. Treasury Department’s Office of Foreign Assets Control sanctioned four individuals and two companies found to be involved in “malicious” cyber activity on behalf of the IRGC Cyber Electronic Command.

Using malware and phishing attacks, the threat actors tried to hack into more than two dozen U.S. companies and government entities.

“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens,” Brian Nelson, Treasury undersecretary for terrorism and financial intelligence, said at the time.

“The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks’ operations.”

In February, the U.S. Department of Justice charged an Iranian national for carrying out a “multi-year hacking campaign” that targeted U.S. defense contractors and private sector companies. The defendant allegedly carried out the cyberattacks while employed at an Iranian company that offered cybersecurity services.

More than a dozen U.S. companies, along with the Treasury and State departments, were targeted. In one incident, the defendant and co-conspirators compromised more than 200,000 employee accounts.

Zachary Stieber contributed to this report.
Naveen Athrappully is a news reporter covering business and world events at The Epoch Times.