Google: Chinese and Iranian hackers targeted Biden and Trump campaign staffers
ZDNet, 4 Jun 2020: State-sponsored hackers from China and Iran have unsuccessfully targeted the campaign staffs of US presidential candidates Joe Biden and Donald Trump, respectively. The attacks were observed by the Google Threat Analysis Group (TAG), a division inside Google’s security department that tracks nation-state hacking groups. “Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing,” said Shane Huntley, head of Google TAG. Huntley said the groups behind the attacks are APT31 (targeted Biden) and APT35 (targeted Trump). APT31, also known as Zirconium, is a Chinese state-sponsored hacking group that has been active since at least early 2016. It has historically targeted foreign companies to steal intellectual property, but it has also targeted diplomatic entities in the past. According to a Microsoft threat analyst, the group has seen a surge of activity recently and has been very active over the past 45 days. APT35, also known as Newscaster, is an Iranian cyber-espionage group sponsored by the Iranian government. The group has been active since 2014 and has typically targeted the US and Middle Eastern militaries, diplomatic and government personnel, organizations in the media, energy, and defense industrial bases (DIB), and the engineering, business services, and telecommunications sectors. APT35 had also targeted the Trump campaign staff last year. The 2019 attacks were spotted by Microsoft. Several cyber-security companies, including both Google and Microsoft, provide free security tools for election officials and campaign staff. A spokesperson for the Biden campaign told ZDNet that they were aware of the attacks detailed in Google’s disclosure today. A representative for the Trump campaign also confirmed that they are aware of the attacks, but declined to “discuss any of our precautions.”