San Francisco - The 2020 presidential election is still 13 months away, but already Iranians are following in the footsteps of Russia and have begun cyberattacks aimed at disrupting the campaigns.
Microsoft said Friday that Iranian hackers, with apparent backing from the government, had made more than 2,700 attempts to identify the email accounts of current and former US government officials, journalists covering political campaigns and accounts associated with a presidential campaign.
Though the company would not identify the presidential campaign involved, two people with knowledge of the hacking, who were not allowed to discuss it publicly, said it was President Donald Trump’s.
In addition to Iran, hackers from Russia and North Korea have started targeting organisations that work closely with presidential candidates, according to security researchers and intelligence officials.
“We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day,” said Oren Falkowitz, the chief executive of the cybersecurity company Area 1, in an interview.
Microsoft said the attacks occurred over a 30-day period in August and September. That period roughly followed the Trump administration’s announcement of additional sanctions against Iran, more than a year after the president’s withdrawal from the 2015 nuclear deal with Tehran. Iranian officials concede that the sanctions, intended to choke off the country’s oil revenue, have plunged the economy into a recession.
More recently, the administration has considered a cyberstrike to punish Tehran for what officials charge was an Iranian attack on Saudi oil facilities last month. It is all part of a low-level, daily cyberconflict between the two countries.
Iranian hackers have been engaged in a broad campaign against US targets, according to Microsoft. The company found that hackers had tried to attack 241 accounts, using fairly unsophisticated means. The hackers appeared to have used information available about their victims online to discover their passwords. It was unclear what information they had stolen.
While the Microsoft report did not name Iran’s targets, it found evidence that hackers had infiltrated email inboxes in at least four cases. But the four successfully hacked accounts did not belong to a presidential campaign.
Tim Murtaugh, the Trump campaign’s communications director, said in a statement that “we have no indication that any of our campaign infrastructure was targeted.” Representatives for other presidential candidates said Friday that their campaigns had not been targeted.
For weeks, officials from the FBI, the Department of Homeland Security and the National Security Agency have said they are particularly concerned about Iranian-backed attacks. Their worries stemmed from rising tensions over new sanctions on Iran and nascent Iranian activity in the 2018 midterm elections.
While the officials said they believed that all the presidential campaigns were likely targets, Trump’s has long been considered a prime one.
It was Trump who abandoned the nuclear deal and ramped up sanctions. The United States has also designated Iran’s Revolutionary Guard a terrorist group. The Guard oversees the nuclear program and, by some accounts, Iran’s best hacking group, its Cyber Corps.
But it is not clear whether the group that Microsoft identified reports to the Cyber Corps or is made up, deliberately, of freelancers and others whose affiliations are harder to trace.
Security executives at the Democratic National Committee warned staff members in an email this week that Iranian hackers might be targeting their email accounts with so-called spearphishing attacks, in which hackers try to lure their target into clicking on a malicious link or attachment. That link or attachment can give attackers a foothold into a computer network.
The hackers were also believed to be interfering with an additional security feature known as two-factor authentication - a common security method that asks for credentials beyond a password - and were creating fake LinkedIn personas to make their email lures more believable.
Cybersecurity experts who specialize in disinformation say they have witnessed several coordinated disinformation campaigns aimed at influencing the 2020 campaign.
The bulk of that disinformation has originated domestically, said Cindy Otis, the director of analysis at Nisos, a cybersecurity firm in Alexandria, Virginia. She said other nation-states were closely watching these domestic operations, but appeared to be holding back.
“We’ve seen a lot of disinformation on the domestic front, but nation-states are likely to amplify those narratives, as we saw Russia do in 2016,” Otis said. “But with so many candidates still in the running, nation-states seem to be waiting before they put all their efforts into one basket.”