For the third presidential election in a row, the foreign hacking of the campaigns has begun in earnest. But this time, it’s the Iranians, not the Russians, making the first significant move.
On Friday, Microsoft released a report declaring that a hacking group run by the intelligence unit of Iran’s Revolutionary Guard had successfully breached the account of a “former senior adviser” to a presidential campaign. From that account, Microsoft said, the group sent fake email messages, known as “spear phishing,” to “a high-ranking official of a presidential campaign” in an effort to break into the campaign’s own accounts and databases.
By Saturday night, former President Donald Trump was declaring that Microsoft had informed his campaign “that one of our many websites was hacked by the Iranian Government — Never a nice thing to do!” but that the hackers had obtained only “publicly available information.” He attributed it all to what he called, in his signature selective capitalization, a “Weak and Ineffective” Biden administration.
The facts were murkier, and it is unclear what, if anything, the Iranian group, which Microsoft called Mint Sandstorm, was able to achieve.
Trump’s campaign was already blaming “foreign sources hostile to the United States” for a leak of internal documents that Politico reported Saturday that it had received, though it is unclear whether those documents indeed emerged from the Iranian efforts or were part of an unrelated leak from inside the campaign.
The New York Times received what appears to be a similar if not identical trove of data from an anonymous tipster purporting to be the same person who emailed the documents to Politico.
Either way, the events of the past few days may well portend a more intense period of foreign interference in a race whose sudden turns, and changes of candidates, could have thrown the hackers off their plans.
Russia has so far played a relatively minor role, investigators and cybersecurity experts say, focusing instead on seeking to undermine the Olympics, from which it was barred from fielding its own team, and support for Ukraine. And while American intelligence officials say they have little doubt that Russia wants to see Trump return to office, Chinese hackers, they say, seem uncertain how to play the election; they have reason to dislike Trump and Vice President Kamala Harris.
There is little doubt, investigators say, that the Iranians want to see Trump defeated. As president, he withdrew from the 2015 nuclear deal, reimposed economic sanctions on Iran and then, in January 2020, ordered the killing in Iraq of Maj. Gen. Qassem Soleimani, commander of the Quds Force, a clandestine wing of the Revolutionary Guard responsible for foreign operations.
Four years later, the Revolutionary Guard appears still determined to avenge Soleimani’s death, and just last week the Justice Department announced it had charged a Pakistani man who had recently visited Iran, accusing him of trying to hire a hit man to assassinate political figures in the US, most likely including Trump. There is no evidence that Iran was involved in the July 13 attempt on Trump’s life in Butler, Pennsylvania.
Trump often casts his actions against Iran as evidence of his strength, despite the fact that his exit from the Iran deal gave Tehran an opening to rebuild a nuclear program that had been hobbled by the 2015 agreement. Still, the combination of the hack and the hit men looking for Trump and his former aides gave the former president an obvious foil, and he was using it over the weekend to make the case that the Iranians would prefer a continuation of the Biden-Harris administration.
Microsoft stopped short of saying that the hacking effort it detected was focused on Trump’s campaign, though the campaign itself said that was the case. In an interview, Tom Burt, head of the company’s customer security and trust team, said that in June, “the Iranian team associated with Iranian intelligence” operations of the Revolutionary Guard successfully breached the email account of a former Trump campaign adviser, whom the company did not name. From that account, he said, the Iranians sent a spear phishing email to an official of a presidential campaign.
While it would have appeared to the recipient to have come from the former Trump campaign adviser, Burt refused to say whether the targeted campaign was also Trump’s. By long-established practice, Microsoft says, it can reveal such details only with the permission of the victim of an attack.
In many ways, the effort was similar in technique to what Iran attempted when it sought to interfere in the 2020 presidential campaign. This time, however, the Iranian effort looks to have been more sophisticated, namely through the hacking of a trusted intermediary, suggesting the hackers learned something from what the Russians accomplished in past campaigns, notably in 2016.
But Burt said the company could not determine whether the effort was successful in penetrating the campaign it targeted.
The documents sent to Politico, as it described them, and to the Times included research about and assessments of potential vice-presidential nominees, including Sen. JD Vance, whom Trump ultimately selected. Like many such vetting documents, they contained past statements with the potential to be embarrassing or damaging, such as Vance’s remarks casting aspersions on Trump.