After Microsoft, Google now claims Iranian hackers are targeting US presidential election

According to Google’s latest intelligence report, APT42, a hacking group backed by the Islamic Revolutionary Guard Corps (IRGC), has been actively targeting organisations connected to the US presidential race.

Google has recently issued a warning about Iranian hackers targeting the upcoming US presidential elections, echoing concerns previously raised by Microsoft.

According to Google’s latest intelligence report, a group known as APT42 has been identified as the primary actor behind these cyber threats. This group, with links to the Islamic Revolutionary Guard Corps (IRGC), has been actively targeting organizations connected to the US presidential race.

Over the past six months, 60 per cent of APT42’s cyber activities have focused on Israel and the United States. Their methods include phishing attacks and sophisticated social engineering tactics aimed at compromising Gmail accounts, particularly those belonging to high-profile individuals.

APT42 has also been involved in targeting various sectors, including military, defence, diplomacy, academia, and civil society, using phishing campaigns to steal credentials.

In the context of the US, APT42 has directed its efforts at both the Trump and Biden campaigns, with a specific focus on the personal email accounts of former US government officials and campaign staff. Some of these phishing attempts have been successful, including one that targeted a well-known political consultant.

Despite ongoing efforts to thwart these attacks, Google has observed that APT42 continues to launch unsuccessful phishing attempts against individuals linked to President Biden, Vice-President Kamala Harris, and former President Donald Trump.

APT42 has been employing a variety of tactics to breach security measures. One of their strategies involves identifying accounts that use Device Prompts for two-factor authentication (2FA). They then initiate login or account recovery attempts that are cleverly spoofed to appear as legitimate prompts from the same geographic location, making it difficult for users to distinguish between authentic and fraudulent access attempts.

In response to these threats, Google has recommended that high-risk individuals, such as elected officials, candidates, campaign workers, journalists, and government officials, enrol in its Advanced Protection Program. This program offers additional layers of security to protect against phishing and unauthorised access, providing a more robust defence against the kind of sophisticated attacks being launched by APT42.

As the US presidential election draws closer, the risk of cyber threats like those from APT42 is expected to remain high, making enhanced security measures increasingly critical for those involved in the election process.
