Microsoft’s cyber threat assessment unit said on Aug. 9 that a high-ranking official on a U.S. presidential campaign had been hacked by an Iran-backed group, and the campaign of former President Donald Trump later revealed that it had been the target of a cyberattack, linking the breach to “foreign sources hostile to the United States.”
“Mint Sandstorm similarly targeted a presidential campaign in May and June 2020 five to six months ahead of the last U.S. presidential election,” MTAC said, adding that the same group also tried but failed to breach an account belonging to a former presidential candidate.
While no details were released on the official’s identity, Microsoft’s threat assessment team said that the Iranian-linked breaches related to increasing attempts to influence the U.S. presidential election in November.
“This recent cyber-enabled influence activity arises from a combination of actors which are conducting initial cyber reconnaissance and seeding online personas and websites into the information space,” according to the report.
Following the report’s release, the Trump 2024 presidential campaign confirmed that it had been the target of a cyberattack in which campaign documents were stolen.
Politico reported that, on July 22, it began receiving emails from an anonymous source using the alias “Robert.” The emails reportedly contained internal documents from the Trump campaign, including a 271-page research dossier on Sen. JD Vance (R-Ohio), who was vetted as a potential vice presidential nominee and later chosen as Trump’s running mate.
“These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our democratic process,” Cheung told the outlet.
He also linked the timing of the breach to reports of Iranian plots against Trump, who remains a target of Iranian hostility after ordering the 2020 assassination of Iranian Gen. Qassem Soleimani.
Cheung, who didn’t immediately respond to a request from The Epoch Times for more details of the development, declined to tell Politico whether the Trump campaign had contacted law enforcement regarding the breach.
U.S. intelligence officials recently stated that Iran had been hard at work sowing political discord in the United States via the use of clandestine or ghost social media accounts. Iran has denied that such practices are taking place and said that any actions against the United States are purely defensive and don’t involve cyberattacks.
The U.S. intelligence community “has observed Tehran working to influence the presidential election, probably because Iranian leaders want to avoid an outcome they perceive would increase tensions with the United States,” the statement reads.
Microsoft’s report said that the hackers’ activity also covered a wider scope, including gaining intelligence on U.S. political campaigns, which allowed Iranian groups to target political swing states in the United States.
The report also stated that a previous breach involving a county official, which took place in May, was part of a wider “password spray operation.” This type of operation involves the use of common or leaked passwords, which hackers use on multiple accounts until they find a match and break into one.
The report confirmed that no other accounts were compromised through the breach and that all other targeted officials were notified of the cyberattack.
