State-backed hackers have targeted the election campaigns of US President Donald Trump and former vice president Joe Biden, Google said.
The company confirmed the findings after the director of its Threat Analysis Group, Shane Huntley, disclosed the attempts on Twitter.
Mr Huntley said a Chinese group known as Hurricane Panda targeted Trump campaign staff while an Iranian outfit known as Charming Kitten had attempted to breach accounts of Biden campaign workers.
Google said it saw no evidence that the phishing attempts were successful.
If you are working on a campaign this election cycle, your personal accounts may be targeted. Use the best protection you can. Two factor authentication or Advanced Protection really can make a difference. https://t.co/Y8shDx9eWu
— Shane Huntley (@ShaneHuntley) June 4, 2020
Such attempts typically involve forged emails with links designed to harvest passwords or infect devices with malware.
The effort targeted personal email accounts of staff in both campaigns, according to the company statement.
A Google spokesman added that “the timeline is recent and that a couple of people were targeted on both campaigns”.
He would not say how many.
Google said it sent targeted users “our standard government-backed attack warning” and referred the incidents to federal law enforcement.
This is a major disclosure of potential cyber-enabled influence operations, just as we saw in 2016.
It's a necessary reminder, especially to campaigns. https://t.co/eKqWvN7Ub0
— Graham Brookie (@GrahamBrookie) June 4, 2020
Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab, called the announcement “a major disclosure of potential cyber-enabled influence operations, just as we saw in 2016″.
His tweet referred to the Russian hacking of the Democratic National Committee and Hillary Clinton’s 2016 presidential campaign and subsequent online release of internal emails – some doctored – that US investigators determined sought to assist the Trump campaign.
Neither the Biden nor the Trump campaign would say how many staff were targeted, when the attempts took place or whether the phishing was successful.
Both campaigns have been extremely reticent about discussing cyber security.
“The Trump campaign has been briefed that foreign actors unsuccessfully attempted to breach the technology of our staff,” the campaign said in a statement.
“We are vigilant about cyber security and do not discuss any of our precautions.”
The Biden campaign did not even confirm the attempt.
“We are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff,” it said in a statement.
“We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them.”
Hurricane Panda, also known by security researchers as Zirconium or APT31 – an abbreviation for “advanced persistent threat” – is known for focusing on intellectual property theft and other espionage.
Charming Kitten, also known as Newscaster and APT35, is reported to have targeted US and Middle Eastern government officials and businesses, also for information theft and spying.
In October, Microsoft said hackers linked to Iran’s government had targeted a US presidential campaign and the New York Times and Reuters identified the target as Mr Trump’s re-election campaign.
Campaign spokesman Tim Murtaugh said at the time that there was “no indication that any of our campaign infrastructure was targeted”.
A former director of the National Security Agency, Keith Alexander, said he fully expects geopolitical rivals of the US to take advantage of the Covid-19 crisis and unrest in the country.
“This is an increased time I think for adversaries to hurt our country and I do think they will take that during elections,” he said.