Tuesday, August 13, 2024

Hack against Trump campaign and threats against other U.S. politicos, could be tied to Trump's order of a fatal 2020 drone strike against Iranian military leader

(CBS)

The FBI and other authorities, who are investigating the apparent hack-and-leak of Trump campaign documents -- which Donald Trump blames on Iran -- suspect the hackers were able to compromise the personal email account of longtime Republican and Trump operative Roger Stone, according to a report at CNN. The hackers are believed to have attempted a breach of emails belonging to the Kamala Harris-Tim Walz campaign. It appears the attempted hack of Harris-Walz documents was unsuccessful.

In an unusual twist, the hackers managed to work through the Politico news site, and we will have more about that element of the story in an upcoming post.

 Under the headline "Suspected Iranian hackers breached Roger Stone’s personal email as part of effort to target Trump campaign, sources say," CNN's Sean Lyngaas, Evan Perez, and Kristen Holmes write:

The hackers used access to Stone’s email account to try to break into the account of a senior Trump-campaign official as part of a persistent effort to access campaign networks, one of the sources said. The hacking incident, which occurred in June, set off a scramble in the Trump campaign, the FBI and Microsoft, which spotted the intrusion attempts, to contain the incident and to determine if there was a broader cyber threat from Iran.

Stone was informed by Microsoft and the FBI that his personal email was compromised by a “Foreign State Actor,” with the intention of utilizing the account to phish officials in the Trump campaign into opening a link that would give perpetrators access to that person’s computer, one of the sources  said.

“Mr. Stone was contacted about this matter by Microsoft and the FBI and continues to cooperate with both,” said Grant Smith, an attorney for the Republican operative. “Mr. Stone will have no further comment at this time.”

The Washington Post first reported that Stone’s account was targeted. The Trump campaign declined to comment on whose account was breached.

The FBI also briefed the Biden-Harris campaign in June about Iranian hackers targeting that campaign, one of the sources said.

“Our campaign vigilantly monitors and protects against cyber threats, and we are not aware of any security breaches of our systems,” a Harris campaign official told CNN.

The FBI said in a statement Monday that it was investigating the reported cyberattack on the Trump campaign but declined to comment further.

US intelligence officials have briefed the Senate Intelligence Committee on the hacking incident, another source familiar with the matter told CNN.

It is not clear how Iranian officials intended to benefit from the hack or what kind of information they might have obtained, but experts say the hack bears the hallmarks of an Iran operation, CNN reports:

Iran has denied the allegations, and the US government has not publicly or officially pointed the finger at Iran. But the techniques used by the hackers to target the Trump campaign match those associated with Iranian hackers, according to one source familiar with the matter.

The news adds to growing evidence that Iranian operatives are mounting an aggressive effort to influence the 2024 US presidential election, overshadowing activity from the Russians. US intelligence officials last month warned of an ongoing covert social-media campaign by Iran to undercut Trump’s candidacy and to increase “social discord” in the US ahead of the November election. That activity has included creating fake news sites targeting liberal and conservative voters, according to Microsoft.

The US director of national intelligence, Avril Haines, has also accused Iran of attempting to covertly stoke protests in the US related to the Israel-Hamas conflict by posing as activists online and in some cases providing financial support to protesters.

A report from Associated Press (AP) provides background on the roles of Microsoft and Politico in the hacking operation, plus possible connections to Iran's threats to retaliate against Trump for ordering a fatal drone strike in 2020 against  prominent Revolutionary Guard Gen. Qassem Soleimani. AP's Bill Barrow, who notes signs that the hacking could extend beyond Trump to other U.S. political figures, writes:

Former President Donald Trump’s presidential campaign said Saturday that it has been hacked and suggested Iranian actors were involved in stealing and distributing sensitive internal documents.

The campaign provided no specific evidence of Iran’s involvement, but the claim comes a day after Microsoft issued a report detailing foreign agents’ attempts to interfere in the U.S. campaign in 2024.

It cited an instance of an Iranian military intelligence unit in June sending “a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.”

Trump campaign spokesperson Steven Cheung blamed the hack on “foreign sources hostile to the United States.” A spokesperson for the National Security Council said in a statement that it takes any report of improper foreign interference “extremely seriously” and condemns any government or entity that attempts to undermine confidence in U.S. democratic institutions, but said it deferred to the Justice Department on this matter.

Iran’s mission to the United Nations, when asked about the claim of the Trump campaign, denied being involved. “We do not accord any credence to such reports,” the mission told The Associated Press. “The Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election.”

Iran, however, long has been suspected of running hacking campaigns targeting its enemies in the Middle East and beyond. Tehran also long has threatened to retaliate against Trump over the 2020 drone strike he ordered that killed prominent Revolutionary Guard Gen. Qassem Soleimani.

The U.S. Justice Department this past week unsealed criminal charges against a Pakistani national with ties to Iran alleged to have plotted assassination attempts against political figures in the United States, including potentially Trump, and to have sought to hire purported hitmen who were actually undercover law enforcement officials. Court documents in that case pointedly noted a desire by Iran to conduct operations against perceived enemies of the regime and to avenge the killing of Soleimani.

What roles did Politico (perhaps unwittingly) and Microsoft play in the hacking story? AP's Barrow provides details:

Politico first reported Saturday on the hack. The outlet reported that it began receiving emails on July 22 from an anonymous account. The source — an AOL email account identified only as “Robert” — passed along what appeared to be a research dossier the campaign had apparently done on the Republican vice presidential nominee, Ohio Sen. JD Vance. The document was dated Feb. 23, almost five months before Trump selected Vance as his running mate.

“These documents were obtained illegally” and “intended to interfere with the 2024 election and sow chaos throughout our Democratic process,” Cheung said.

He pointed to the Microsoft report issued Friday and its conclusions that “Iranian hackers broke into the account of a ‘high-ranking official’ on the U.S. presidential campaign in June 2024, which coincides with the close timing of President Trump’s selection of a vice presidential nominee.”

“The Iranians know that President Trump will stop their reign of terror just like he did in his first four years in the White House,” Cheung said, adding a warning that “any media or news outlet reprinting documents or internal communications are doing the bidding of America’s enemies and doing exactly what they want.”

Cheung did not immediately respond to questions about the campaign’s interactions with Microsoft on the matter. Microsoft said Saturday it had no comment beyond its blog post and Friday report.

In that report, Microsoft stated that “foreign malign influence concerning the 2024 US election started off slowly but has steadily picked up pace over the last six months due initially to Russian operations, but more recently from Iranian activity.”

The analysis continued: “Iranian cyber-enabled influence operations have been a consistent feature of at least the last three U.S. election cycles. Iran’s operations have been notable and distinguishable from Russian campaigns for appearing later in the election season and employing cyberattacks more geared toward election conduct than swaying voters.”

“Recent activity suggests the Iranian regime — along with the Kremlin — may be equally engaged in election 2024,” Microsoft concluded.

Specifically, the report detailed that in June 2024, an Iranian military intelligence unit, Mint Sandstorm, sent a phishing email to an American presidential campaign via the compromised account of a former adviser.

“The phishing email contained a fake forward with a hyperlink that directs traffic through an actor-controlled domain before redirecting to the listed domain,” the report states.

No comments:

Post a Comment