It is still not completely clear who hacked the Trump campaign in recent days, but strong signs from several different sources are pointing to an Iranian election interference campaign that has also targeted the Biden and Harris campaigns since at least June.
The FBI has confirmed that it is investigating cyber actions against both campaigns by Iranian state-backed groups, though it has not yet said that the Trump campaign attack was perpetrated by them. Microsoft’s threat team has also released a report indicating a high-level official with Trump’s staff had an email account targeted by Iranian hackers. The Trump team has indicated that it believes foreign hackers were behind the breach, and a former Trump advisor confirmed that a personal email account was taken over and used to send the campaign phishing messages.
Trump campaign dossiers stolen, but not yet leaked to general public
The incident was confirmed last week by both the Trump campaign and an assortment of major news outlets that had the stolen documents offered to them. The hacker has thus far offered up vetting dossiers on Trump’s prospective VP choices, including a 271-page file on eventual pick J.D. Vance. Only a limited number of news sources have received these files, and all have thus far agreed not to publish them or report on details. The Washington Post, one of the sources that received the Vance dossier, says that it is composed largely of public information and does not contain anything particularly newsworthy.
Microsoft said that the group that targeted the Trump campaign is “Mint Sandstorm,” a known Iran-backed APT group with an established history of espionage and data theft. It did not specify if the attempt on the email account actually worked, so it is unclear if its report is directly related to the breach.
The Trump campaign has also yet to specify that it believes the foreign actor was Iran, but has said that it has fortified its security and training of staff in response to the incident.
Iran leading the early pack in US election disruption attempts
At this late stage of a US presidential election, Russia or China is usually in the news for some sort of interference attempt involving a data breach. US rivals have been surprisingly quiet thus far, however, with Iran seemingly making the most noise.
Though Iran has a seemingly strong preference for the Democrat side to win, that does not appear to have stopped it from targeting Biden-Harris staffers as well. The FBI says that these attempts date back to June and that at least three members of the Democrat side received spearphishing emails (which were not successful).
The Trump campaign was also reportedly targeted by spearphishing by way of political consultant Roger Stone, who is a longtime friend of Trump and worked on the presidential campaigns before being convicted of making false claims of voter fraud in 2020. Stone says that two of his personal email accounts were hacked and used to deliver phishing messages to Trump staffers, and that the FBI told him Iranian hackers were to blame.
Iran is always interested in causing general havoc, but it has special reason to oppose the Trump campaign. The country has vowed revenge for the 2020 assassination of General Qasem Soleimani, and is also facing a potential military conflict with Israel, for which Trump has signaled he will provide strong assistance if elected.