China and Iran Targeting Presidential Campaigns

China and Iran Targeting Presidential Campaigns

On Thursday, June 4, Google released information on threats to President Donald Trump and VP Joe Biden's presidential campaigns from Iran and China, respectively. Both were targeted by government-backed groups using advanced phishing techniques.

"Campaigns are potentially the most vulnerable part of the election ecosystem," according to NPR's Miles Parks. "They often don't have the time or money to develop long-term security plans. And they're bringing in new staff all the time without training. Those staffers and sometimes volunteers may also be using their own equipment or accounts."

The Trump campaign was targeted by an Iranian group called Charming Kitten (APT 35). That group has recently been caught targeting the pharmaceutical company Gilead Sciences and attempting to impersonate high-profile media figures and journalists.

The Biden campaign was targeted by a Chinese Group known as Hurricane Panda (APT 31). This group has been active since at least 2013, and has previously used 0-day attacks against corporate clients.

In this case, it the attempts by both groups were thwarted and authorities were alerted. But attackers also continue to grow more advanced.

Aaron Higbee, CEO of security firm Cofense, recently encountered a phishing email sent by the same Russian hacking group behind the DNC attack in 2016. The latest email made the 2016 attack look simplistic.

This time around, the presidential campaigns are taking cybersecurity more seriously. Along with regular briefings from DHS, they have increased their staffing and focused on cyber issues. "We are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff," said a Biden campaign spokesman. "We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them."