Microsoft: Iran-aligned hackers targeted ‘high-ranking official’ in US presidential campaign

Aug 9, 2024

A group of hackers aligned with Iran’s Islamic Revolutionary Guard Corps have targeted a “high-ranking official” inside a U.S. presidential campaign ahead of this November’s election, Microsoft has revealed. 

The technology company says the alleged incident is part of a wave of activity “we’ve been tracking that increasingly points to Iran’s intent to influence” the race. 

Microsoft wrote on its blog that the Iranian group linked to the IRGC “sent a spear phishing email in June to a high-ranking official on a presidential campaign from the compromised email account of a former senior advisor.” 

“The email contained a link that would direct traffic through a domain controlled by the group before routing to the website of the provided link. Within days of this activity, the same group unsuccessfully attempted to log into an account belonging to a former presidential candidate,” it added. “We’ve since notified those targeted.” 

SECURITY FIRM EXPERIENCING NIGHTMARE AFTER LEARNING REMOTE EMPLOYEE IS NORTH KOREAN HACKER 

Microsoft did not identify which campaign the target belonged to, but at that time, President Biden was running for re-election against former President Trump and Vice President Harris had yet to enter the race. 

Representatives for the Biden, Harris, Trump and Kennedy campaigns did not immediately respond Friday to requests for comment from FOX Business.  

A separate Iranian group has managed though to infiltrate the account of a county-level government employee in a swing state, according to Microsoft. 

DEMOCRATS LAUNCH ‘CRYPTO FOR HARRIS’ CAMPAIGN TO COUNTER TRUMP’S INDUSTRY APPEAL 

“The compromise was part of a broader password spray operation and Microsoft Threat Intelligence did not observe the actor gain additional access beyond the single account, making it hard to discern the group’s ultimate objectives,” it said. “Since early 2023, [that] group’s operations have focused on strategic intelligence collection particularly in satellite, defense, and health sectors with some targeting of U.S. government organizations, often in swing states.” 

Microsoft also says that a third Iranian group has been launching bogus news websites aimed at American voters on both sides of the political spectrum. 

It described one of the sites as catering to left-leaning audiences – with insults of former President Trump – while another “claims to be a ‘trusted source for conservative news in the vibrant city of Savannah’ and focuses on topics including LGBTQ+ issues and gender reassignment.” 

CLICK HERE TO READ MORE ON FOX BUSINESS        

“The evidence we found suggests the sites are using AI-enabled services to plagiarize at least some of their content from U.S. publications,” Microsoft said, adding that “we share intelligence like this so voters, government institutions, candidates, parties, and others can be aware of influence campaigns and protect themselves from threats.” 

​Microsoft says Iranian groups are trying to influence the 2024 U.S. presidential election, with one targeting a top official inside of a campaign.   

A group of hackers aligned with Iran’s Islamic Revolutionary Guard Corps have targeted a “high-ranking official” inside a U.S. presidential campaign ahead of this November’s election, Microsoft has revealed. 

The technology company says the alleged incident is part of a wave of activity “we’ve been tracking that increasingly points to Iran’s intent to influence” the race. 

Microsoft wrote on its blog that the Iranian group linked to the IRGC “sent a spear phishing email in June to a high-ranking official on a presidential campaign from the compromised email account of a former senior advisor.” 

“The email contained a link that would direct traffic through a domain controlled by the group before routing to the website of the provided link. Within days of this activity, the same group unsuccessfully attempted to log into an account belonging to a former presidential candidate,” it added. “We’ve since notified those targeted.” 

SECURITY FIRM EXPERIENCING NIGHTMARE AFTER LEARNING REMOTE EMPLOYEE IS NORTH KOREAN HACKER 

President Biden, left, and former President Trump were the top two candidates in the presidential election in June, when Microsoft says the Iranian hackers targeted a presidential campaign. (Kevin Dietsch/Stephen Maturen/Getty Images)

Microsoft did not identify which campaign the target belonged to, but at that time, President Biden was running for re-election against former President Trump and Vice President Harris had yet to enter the race. 

Representatives for the Biden, Harris, Trump and Kennedy campaigns did not immediately respond Friday to requests for comment from FOX Business.  

Ticker Security Last Change Change %MSFT MICROSOFT CORP. 402.69 +4.26
+1.07%

A separate Iranian group has managed though to infiltrate the account of a county-level government employee in a swing state, according to Microsoft. 

DEMOCRATS LAUNCH ‘CRYPTO FOR HARRIS’ CAMPAIGN TO COUNTER TRUMP’S INDUSTRY APPEAL 

An Iranian flag is seen waving in front of a portrait of the late Iranian President Ebrahim Raisi in downtown Tehran, Iran, in May 2024. Microsoft is reporting that Iran is trying to influence this year’s U.S. presidential election. (Morteza Nikoubazl/NurPhoto via Getty Images / Getty Images)

“The compromise was part of a broader password spray operation and Microsoft Threat Intelligence did not observe the actor gain additional access beyond the single account, making it hard to discern the group’s ultimate objectives,” it said. “Since early 2023, [that] group’s operations have focused on strategic intelligence collection particularly in satellite, defense, and health sectors with some targeting of U.S. government organizations, often in swing states.” 

Microsoft also says that a third Iranian group has been launching bogus news websites aimed at American voters on both sides of the political spectrum. 

It described one of the sites as catering to left-leaning audiences – with insults of former President Trump – while another “claims to be a ‘trusted source for conservative news in the vibrant city of Savannah’ and focuses on topics including LGBTQ+ issues and gender reassignment.” 

Microsoft has been tracking recent cyberattacks linked to Iran. (David Paul Morris/Bloomberg via Getty Images / Getty Images)

CLICK HERE TO READ MORE ON FOX BUSINESS        

“The evidence we found suggests the sites are using AI-enabled services to plagiarize at least some of their content from U.S. publications,” Microsoft said, adding that “we share intelligence like this so voters, government institutions, candidates, parties, and others can be aware of influence campaigns and protect themselves from threats.” 

 Latest Business News on Fox Business