Microsoft Says US Presidential Campaign Targeted by Iran-Backed Hackers

The Trump campaign said it had been hacked, and a Microsoft report reveals an Iran-backed group targeted a high-ranking presidential campaign official.
Microsoft Says US Presidential Campaign Targeted by Iran-Backed Hackers
The Microsoft logo is displayed on a building in Issy-les-Moulineaux, France, in this April 12, 2016, file photo. THE CANADIAN PRESS/AP/Michel Euler
Tom Ozimek
Updated:
0:00

Microsoft’s cyber threat assessment unit said on Aug. 9 that a high-ranking official on a U.S. presidential campaign had been hacked by an Iran-backed group, and the campaign of former President Donald Trump later revealed that it had been the target of a cyberattack, linking the breach to “foreign sources hostile to the United States.”

The report from the Microsoft Threat Analysis Center (MTAC) indicates that an Iranian group connected to the Islamic Revolutionary Guard Corps, called Mint Sandstorm, sent a spear phishing email in June to a high-ranking official on a presidential campaign from a compromised email account belonging to a former senior campaign adviser.

“Mint Sandstorm similarly targeted a presidential campaign in May and June 2020 five to six months ahead of the last U.S. presidential election,” MTAC said, adding that the same group also tried but failed to breach an account belonging to a former presidential candidate.

While no details were released on the official’s identity, Microsoft’s threat assessment team said that the Iranian-linked breaches related to increasing attempts to influence the U.S. presidential election in November.

“This recent cyber-enabled influence activity arises from a combination of actors which are conducting initial cyber reconnaissance and seeding online personas and websites into the information space,” according to the report.

Following the report’s release, the Trump 2024 presidential campaign confirmed that it had been the target of a cyberattack in which campaign documents were stolen.

The breach, which Trump campaign spokesperson Steven Cheung told Politico on Aug. 10 has been attributed to “foreign sources hostile to the United States,” marks a significant development in the area of foreign interference in U.S. elections as the race for the White House heats up.

Politico reported that, on July 22, it began receiving emails from an anonymous source using the alias “Robert.” The emails reportedly contained internal documents from the Trump campaign, including a 271-page research dossier on Sen. JD Vance (R-Ohio), who was vetted as a potential vice presidential nominee and later chosen as Trump’s running mate.

Cheung pointed to the Microsoft report and its finding that Iranian hackers had broken into the account of a high-ranking official on the U.S. presidential campaign as evidence of involvement of a foreign hostile power in the Trump campaign breach.

“These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our democratic process,” Cheung told the outlet.

He also linked the timing of the breach to reports of Iranian plots against Trump, who remains a target of Iranian hostility after ordering the 2020 assassination of Iranian Gen. Qassem Soleimani.

Cheung, who didn’t immediately respond to a request from The Epoch Times for more details of the development, declined to tell Politico whether the Trump campaign had contacted law enforcement regarding the breach.

U.S. intelligence officials recently stated that Iran had been hard at work sowing political discord in the United States via the use of clandestine or ghost social media accounts. Iran has denied that such practices are taking place and said that any actions against the United States are purely defensive and don’t involve cyberattacks.

The Office of the Director of National Intelligence released a statement in July confirming that Iranian groups had targeted the U.S. political campaign, specifically that of Trump, to influence the November election.

The U.S. intelligence community “has observed Tehran working to influence the presidential election, probably because Iranian leaders want to avoid an outcome they perceive would increase tensions with the United States,” the statement reads.

Microsoft’s report said that the hackers’ activity also covered a wider scope, including gaining intelligence on U.S. political campaigns, which allowed Iranian groups to target political swing states in the United States.

The report also stated that a previous breach involving a county official, which took place in May, was part of a wider “password spray operation.” This type of operation involves the use of common or leaked passwords, which hackers use on multiple accounts until they find a match and break into one.

The report confirmed that no other accounts were compromised through the breach and that all other targeted officials were notified of the cyberattack.

Tom Ozimek
Tom Ozimek
Reporter
Tom Ozimek is a senior reporter for The Epoch Times. He has a broad background in journalism, deposit insurance, marketing and communications, and adult education.
twitter
Related Topics