According to Google, Iranian hackers are going after important targets in the US presidential election.
Google discloses information about Iranian cyberattacks targeting US political campaigns.
Google has released a warning about Iranian threat actors targeting the US presidential election.
Following an earlier Microsoft study that exposed comparable risks, Google has now released an intelligence assessment revealing that a threat actor known as APT42 has targeted several companies related to the US presidential election.
According to the study, over the last six months, 60% of APT42's attacks have allegedly targeted Israel and the US. These attacks included phishing and social engineering schemes aimed at the Gmail accounts of high-profile persons.
APT42 takes aim at US elections
APT42 has ties to the Islamic Revolutionary Guard Corps (IRGC) and has used fictitious pages posing as the Jewish Agency for Israel to launch several social engineering operations demanding a ceasefire. APT42 has also used phishing tactics to steal credentials from a number of military, defense, diplomatic, academic, and civil targets.
In the US, APT42 has launched phishing attempts against the personal email accounts of numerous former US government and campaign executives, specifically targeting the Trump and Biden campaigns. A number of these attacks, one of which targeted a well-known political consultant, were successful.
The phishing attempts have not stopped. According to Google, it is still seeing unsuccessful attempts against people connected to former President Donald Trump, Vice President Kamala Harris, and President Biden.
APT42 has been detected employing strategies such as identifying accounts that use Device Prompts for two-factor authentication and then spoofing login or account recovery attempts so that they appear to come from the same geographic location as the credentials, which makes the resulting second-factor prompt look valid.