Chinese, Iranian phishing campaigns target Biden, Trump campaigns

Joe Biden and Donald Trump’s campaigns may be worlds apart on issues and in style, but they share common cyber enemies, according to the Google Threat Analysis Group (TAG), which said both are the targets of phishing campaigns by nation-states like China and Iran.

“Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing,” TAG Director Shane Huntley tweeted. “No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement.”

Huntley identified the groups as APT31 (China) and APT35 (Iran, aka Rocket Kitten and Magic Hound).

“Phishing is often the first step in any cybersecurity attack,” said Chris Hazelton, director of security solutions at Lookout.

Noting that “mobile phishing has increased as an approach of malicious actors to steal user credentials by tricking users into entering those credentials into fake cloud services portal used by political campaigns,” Hazelton said that there has been "a significant increase in mobile phishing attacks among political campaigns" that are using Lookout, with encounter rates on iOS and Android having increased 45 percent from Q4 2019 to Q1 2020.

Regardless of awareness training, “phishing attacks will always be successful,” said Jack Mannino, nVisium CEO, explaining that “once an attacker gets in, your security posture and hygiene are what matter most.”  

It’s not clear what the attackers were after, but political campaigns are virtual treasure troves. “These groups may be looking to use information that they obtain to sow discord in the country of the ongoing campaign,” said Charles Raglan, security engineer at Digital Shadows. “They may also use it for more traditional intelligence collection to inform other actions. As more and more communication is done online, this trend is likely to continue.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.