On Thursday, Shane Huntley, the head of Google’s Threat Analysis Group (TAG), said on Twitter that the group had recently detected two separate phishing campaigns. For those unaware, TAG is a division inside Google’s security department that works to counter government-backed hacking and attacks against the company and its users.

According to TAG, staffers working on Biden’s U.S. presidential campaign were targeted by a China-linked APT (advanced persistent threat) group. Similarly, an Iran-linked APT group was found to be targeting email accounts belonging to Trump’s campaign staff.

“Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement,” Huntley tweeted.
— Shane Huntley (@ShaneHuntley) June 4, 2020

“Phishing” is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an email. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website that matches the look and feel of the legitimate site.

A Google spokesperson confirmed that there was no evidence that the phishing attempts were successful.

“We can confirm that our Threat Analysis Group recently saw phishing attempts from a Chinese group targeting the personal email accounts of Biden campaign staff and an Iranian group targeting the personal email accounts of Trump campaign staff. We didn’t see evidence that these attempts were successful. We sent the targeted users our standard government-backed attack warning and we referred this information to federal law enforcement,” the spokesperson said in a statement.

“We encourage campaign staff to use extra protection for their work and personal emails, and we offer security resources such as our Advanced Protection Program and free security keys for qualifying campaigns.”

Huntley said the groups involved in the attacks on the two presidential election campaigns were China’s APT31 (targeted Biden), also known as Zirconium, and Iran’s APT35 (targeted Trump), also known as Charming Kitten.

APT31 is a Chinese state-sponsored hacking group that specializes in intellectual property theft, focusing on data and projects that make a particular organization competitive in its field. APT35, on the other hand, is an Iranian-backed hacking group known to use phishing to impersonate company websites, as well as fake accounts and fake DNS domains to phish users’ passwords.

A spokesperson for Biden’s campaign said that they were “aware” of the targeting.
“Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign’s assets are secured,” the spokesperson emphasized. “We are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff. We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them.”

A spokesperson for the Trump campaign also stated that they had received an update on the incident.

“The Trump campaign has been briefed that foreign actors unsuccessfully attempted to breach the technology of our staff. We are vigilant about cybersecurity and do not discuss any of our precautions,” a campaign official said.

This is not the first phishing attack to target U.S. presidential campaigns this year. In October last year, Microsoft Threat Intelligence Center announced that “Phosphorus” – an Iranian hacking group – targeted the accounts associated with the 2020 re-election campaign of President Trump, but the accounts were not compromised.