Google says it has found Iranian hackers hitting top US presidential election targets

Google has issued a warning about Iranian threat actors targeting the US presidential elections.

Following earlier research from Microsoft lifting the lid on similar threats, Google has now published an intelligence report showing that a threat actor tracked as APT42 has targeted a number of organizations related to the US presidential election.

The report claims 60% of the attacks from APT42 have targeted Israel and the US over the past six months, including phishing attacks and social engineering to compromise Gmail accounts of high-profile individuals.

APT42 targeting US elections

APT42 has connections to the Islamic Revolutionary Guard Corps (IRGC), and has launched a number of social engineering campaigns using fake pages that disguise themselves as the Jewish Agency for Israel calling for a ceasefire. APT42 has also targeted a number of military, defense, diplomatic, academic, and civil targets with phishing campaigns for credential theft.

In the US, however, APT42 has targeted both the Trump and Biden campaigns in phishing attacks aimed at the personal email accounts of many former US government and campaign officials. Several of these attacks were successful, including one against a high-profile political consultant.

These phishing campaigns have not ceased, and Google states that it is seeing continued unsuccessful attacks against individuals related to President Biden, Vice-President Kamala Harris, and former president Donald Trump.

APT42 has been observed using tactics such as identifying accounts that use Device Prompts for two-factor authentication, then making login or account recovery attempts with the account's credentials, spoofed to appear to come from the same geographic location, so that the resulting second-factor prompt appears authentic.

Google recommends that high-risk individuals, including elected officials, candidates, campaign workers, journalists, election workers, and government officials, sign up to Google’s Advanced Protection Program, which provides free additional protection measures against phishing and unauthorized access.

Benedict Collins
Staff Writer (Security)
