Date: 2020-06-04

State-backed hackers in Iran and China recently attacked Republican President Donald Trump and Democrat Joe Biden's presidential campaigns, a Google threat analyst said Thursday.

The revelation is the latest evidence of foreign governments trying to obtain information about American politicians and potentially disturb or intrude on their election campaigns. An Iranian-backed group attacked the Trump campaign and China-backed attackers attacked the Biden campaign, said Shane Huntley, head of Google's Threat Analysis Group, on Twitter. Both groups used phishing emails. There is no indication that any of the attack campaigns were successful.

Kittens and pandas

Huntley identified the Iranian group that targeted the Trump campaign as APT35, short for Advanced Persistent Threat 35. Also known as Charming Kitten, iKittens and Phosphorus, the group was caught targeting an unidentified presidential campaign earlier, Microsoft said last October. In that campaign, Phosphorus members attempted to access email accounts that campaign staff received through Microsoft's cloud services. Microsoft said the attackers worked tirelessly to gather information that could be used to activate password reset and other account recovery services offered by Microsoft.

The Chinese group known as APT31, meanwhile, targeted the Biden campaign, Huntley said. The group, which security researchers also call Hurricane Panda, Black Vine, and Zirconium, "is a very advanced adversary" that exploited a zero-day vulnerability in Microsoft Windows in 2014, researchers at security firm CrowdStrike said at the time.

Google responds

Huntley said Google officials sent the campaigns the company's standard warning that they were targeted by government-backed hacking. The company started the practice in 2012. To protect its sources and methods, Google doesn't send the notifications right away and instead sends them out in large batches. Google also referred the matter to the police.

In a statement, a Google spokesperson wrote:

We can confirm that our Threat Analysis Group recently saw phishing attempts by a Chinese group targeting Biden campaign staff personal email accounts and an Iranian group targeting Trump campaign staff personal email accounts. We saw no evidence that these attempts were successful. We sent selected users our standard government-backed attack warning and forwarded this information to federal law enforcement. We encourage campaign staff to use additional protection for their work and personal emails, and we offer security resources like our Advanced Protection Program and free security keys for qualifying campaigns.

Hacking of political parties and campaigns has been a major concern since two Russian hacking groups were caught in the Democratic National Committee network in 2016, just before the presidential campaign. The breaches were largely accomplished through phishing emails that tricked staff members into entering their passwords at sites controlled by attackers.

Multiple US intelligence agencies later concluded that Russia participated in a sustained hacking and disinformation campaign with the aim of disrupting the democratic process in the United States and increasing the chances that then-candidate Trump would win the election.

Google provides the aforementioned Advanced Protection Program, a service designed to protect politicians, poll workers, journalists and others who are frequently attacked by hackers. The program requires that a physical security key be used as a second factor when logging into Gmail and other Google services from new devices. APP would most likely have foiled the 2016 phishing attacks, since simply stealing passwords is insufficient to gain unauthorized access.