
Iranian-linked election interference operation shows signs of recent access

People associated with the operation shared with a journalist a document dated Sept. 15, according to new reporting.
Republican presidential nominee, former U.S. President Donald Trump, speaks during a campaign stop at the Smith Family Farm September 23, 2024 in Smithton, Pennsylvania. (Photo by Win McNamee/Getty Images)

The people behind the alleged Iranian hacking effort targeting former President Donald Trump’s campaign continue to share material with journalists, including a letter dated Sept. 15, suggesting recent access to campaign materials or that the election interference operation is ongoing.

Judd Legum, the publisher of the Popular Information newsletter, reported Tuesday that the persona that had been reaching out to multiple journalists with material apparently stolen from the campaign or its associates contacted him Sept. 18 with offers to share Trump-related material.

Along with background research on Sen. JD Vance, the Republican vice presidential nominee, and others, “Robert” shared a four-page letter dated Sept. 15 from an attorney representing Trump to several people at the New York Times, Legum reported. Legum shared the letter with Semafor, which reported separately Tuesday that it had verified the letter with that date as having been sent to the Times.

A New York Times spokesperson confirmed the newspaper did receive a letter dated Sept. 15 from an unnamed law firm, but declined to share any additional details.

Trump campaign spokesperson Steven Cheung did not respond to questions about the purported Sept. 15 letter or whether the campaign believes the Iranian operation maintains access to email accounts belonging to campaign staff or associated parties.

The U.S. government attributed the “Robert”-related activity to the Iranian government, assessing that the country wants to “stoke discord and undermine confidence” in U.S. elections. The Office of the Director of National Intelligence has issued a pair of statements on the ordeal, saying the Iranians “sought access to individuals with direct access” to presidential campaigns of both political parties, and further investigation revealed the Iranians sought to send Trump-related material to people connected to President Joe Biden’s now-dormant campaign.

A spokesperson for the Permanent Mission of the Islamic Republic of Iran to the United Nations has repeatedly denied the accusations in statements to CyberScoop.

The Microsoft Threat Analysis Center reported Aug. 8 that a group connected to the Islamic Revolutionary Guard Corps (IRGC) used the compromised account of a former senior adviser to a presidential campaign to hack a high-ranking official on the unnamed campaign. The Trump campaign confirmed two days later it had been targeted in the operation.

CNN later reported that the email account for Trump adviser Roger Stone was compromised. 

Google’s Threat Analysis Group reported Aug. 14 that the activity was the work of a group it tracks as APT42, which it says is associated with the IRGC. The Iranian-linked group “consistently targets high-profile users in Israel and the U.S., including current and former government officials, political campaigns, diplomats, individuals who work at think tanks, as well as NGOs and academic institutions that contribute to foreign policy conversations,” according to Google.

The activity targeted people associated with both campaigns, according to Google, just as it had in 2020. Attempts were made to access the personal email accounts of roughly “a dozen” people affiliated with Biden and Trump, including current and former U.S. government and campaign officials, Google said. 

“We blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals,” the company added, but the hackers were able to access the personal Gmail account of at least one “high-profile political consultant.”

Google “quickly” secured the account and referred the activity to law enforcement in early July, the company said. “Today, TAG continues to observe unsuccessful attempts from APT42 to compromise the personal accounts of individuals affiliated with President Biden, Vice President Harris and former President Trump, including current and former government officials and individuals associated with the campaigns.”

Written by AJ Vicens

AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).
