The re-election campaign for former US President Donald Trump said it has fallen victim to a cyberattack by Iranian actors, leading to the theft and distribution of sensitive internal documents.
The claim, which did not divulge any specific details about the hack, came a day after Microsoft published a report that made similar accusations about foreign agents interfering in the ongoing US elections.
“Foreign Malign influence concerning the 2024 US elections started off slowly but has steadily picked up pace over the last six months due initially to Russian operations, but more recently from Iranian activity,” Microsoft said in the report. “This recent cyber-enabled influence activity arises from a combination of actors which are conducting initial cyber reconnaissance and seeding online personas and websites into the information space.”
Information phished from the campaign
The hack was first reported by Politico which, in July 2024, received emails from an anonymous account with documents from inside Trump’s operation and later verified it with a campaign spokesperson Steven Cheung.
Cheung told Politico that the documents it received, along with many others, were “obtained illegally by foreign sources hostile to the United States,” and intended to interfere with the 2024 election.
The hackers allegedly obtained sensitive data as a result of a successful phishing campaign against Trump officials. Cheung cited the Microsoft report which said in June 2024, Mint Sandstorm, a group run by the Islamic Revolutionary Guards Corp (IRGC) intelligence unit, sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.
“On Friday, a new report from Microsoft found that Iranian hackers broke into the account of a ‘high ranking official’ on the US presidential campaign in June 2024, which coincides with the close timing of President Trump’s selection of a vice-presidential nominee,” Cheung added.
The phishing email contained a fake forward with a hyperlink that directs traffic through an actor-controlled domain before redirecting to the listed domain. Emails sent to Microsoft and Cheung’s office for potential evidence confirming Trump’s campaign as a target in the phishing campaign did not elicit a response till the publishing of this article.
Is Iran looking for payback?
Iran, found extremely capable in the past of conducting cyberattacks against its foes in the Middle East, earlier in 2022 had threatened to avenge the killing of General Qassem Soleimani by the United States in a drone strike ordered by the Trump administration.
During this time, among many other efforts, Mandiant reported that the news site EvenPolitics, a Tehran-controlled disinformation site, had published articles covering the 2022 US midterm elections. An inauthentic amplification network promoting the site was taken down by the X platform that same year, yet EvenPolitics continues to operate, releasing approximately ten articles per week.
Microsoft, in its report, added that Iranian cyber-enabled influence operations “have been a consistent feature of at least the last three US election cycles”.
Iran’s mission to the United Nations, in response to inquiries about the Trump campaign’s allegations, denied any involvement. Speaking to The Associated Press, the mission stated, “We dismiss these reports entirely. The Iranian government has neither the capability nor the intention to interfere in the United States presidential election.”