This article is from the source 'nytimes' and was first published or seen
on .
It last changed over 40 days ago and won't be checked again for changes.
SAN FRANCISCO — Iranian hackers targeted hundreds of email accounts associated with at least one presidential campaign, as well as those of American journalists and current and former United States government officials, Microsoft said Friday, in a sign of how cyberattacks will become a fixture of the 2020 presidential election.
SAN FRANCISCO — Iranian hackers targeted President Trump’s re-election campaign, two people with knowledge of the attacks said on Friday, in a sign of how cyberattacks could become a fixture of the 2020 presidential election.
Microsoft said in a report that hackers, with apparent backing from Iran’s government, had made more than 2,700 attempts to identify the email accounts of current and former government officials, journalists covering political campaigns and accounts associated with one major presidential campaign. In at least four cases, the hackers successfully infiltrated inboxes.
News that Mr. Trump’s campaign was an Iranian target came just hours after Microsoft said in a report that hackers, with apparent backing from Iran’s government, had made more than 2,700 attempts to identify the email accounts of current and former United States government officials, journalists covering political campaigns and accounts associated with a presidential campaign.
Microsoft would not name the campaign.
The two people, who were not allowed to publicly discuss the investigation into the hacks, said it was not clear what information was taken in the attack on the Trump campaign. While Microsoft did not name Iran’s targets in its report, it found evidence that hackers successfully infiltrated email inboxes in at least four cases.
The report was released as the Trump administration continues to weigh a cyberstrike against Iran to punish Tehran for what White House officials charge was an Iranian attack on Saudi oil facilities last month.
Tim Murtaugh, the Trump campaign’s communications director, said in a statement that “we have no indication that any of our campaign infrastructure was targeted.”
The Microsoft researchers said the hackers had tried to attack 241 accounts and were successful in four cases, using fairly unsophisticated means. In those cases, the hackers appear to have used information available about their victims online to discover their passwords. It was unclear what information they stole.
The Iranian attack is the latest indication that cyberattacks and disinformation are likely to play a major role in the 2020 presidential campaign, as they did four years ago.
But the incentives to influence the election are likely to be very different than they were in 2016 when Russian hackers infiltrated the computer networks of Democrats and Republicans, then selectively leaked and disseminated Democrats’ emails, including those of John Podesta, chair of Hillary Clinton’s 2016 campaign, in an effort to harm Mrs. Clinton’s campaign.
In addition to Iran, hackers from North Korea and Russia have already started actively targeting organizations that work closely with 2020 presidential candidates.
No representatives for other presidential candidates said on Friday that their campaigns had been targeted.
The news that Iranian hackers targeted Mr. Trump came as his administration continues to weigh a cyberstrike against Iran to punish Tehran for what White House officials charge was an Iranian attack on Saudi oil facilities last month.
Iran’s targeting of Mr. Trump is part of a much broader Iranian campaign, according to the Microsoft report, which found that hackers had tried to attack 241 accounts, using fairly unsophisticated means. The hackers appeared to have used information available about their victims online to discover their passwords. It was unclear what information they stole.
For weeks, officials from the F.B.I., the Department of Homeland Security and the National Security Agency have said they are particularly concerned about Iranian-backed attacks. Their worries stemmed from rising tensions over new sanctions on Iran and nascent Iranian activity in the 2018 midterm elections.
For weeks, officials from the F.B.I., the Department of Homeland Security and the National Security Agency have said they are particularly concerned about Iranian-backed attacks. Their worries stemmed from rising tensions over new sanctions on Iran and nascent Iranian activity in the 2018 midterm elections.
While the officials said they believed that all the American presidential candidates were likely targets, President Trump’s campaign has long been considered a prime target.
While the officials said they believed that all the American presidential candidates were likely targets, President Trump’s campaign has long been considered a prime target.
It was Mr. Trump who abandoned the 2015 nuclear deal with Iran last year, and who has ramped up sanctions to the point that Iran’s oil revenues have dropped sharply. The United States has also designated the Islamic Revolutionary Guard Corps a terrorist group. The guard corps oversees the nuclear program and, by some accounts, Iran’s best hacking group, its Cyber Corps.
It was Mr. Trump who abandoned the 2015 nuclear deal with Iran last year, and who has ramped up sanctions to the point that Iran’s oil revenues have dropped sharply. The United States has also designated the Islamic Revolutionary Guard Corps a terrorist group. The I.R.G. oversees the nuclear program and, by some accounts, Iran’s best hacking group, its Cyber Corps.
But it is not clear whether the group Microsoft identified reports to the cyber corps or is made up, deliberately, of freelancers and others whose affiliations are harder to trace.
But it is not clear whether the group Microsoft identified reports to the Cyber Corps or is made up, deliberately, of freelancers and others whose affiliations are harder to trace.
When Iranian officials are asked about cyberattacks, they admit nothing but note that attacks have been two-way. Three times in the past decade, the United States has directed cyberweapons against Iranian targets. The most famous attack, code-named Olympic Games, wiped out about 1,000 centrifuges at the Natanz nuclear enrichment site.
This is a developing story. It will be updated.
Since then, there was a long-running cybercampaign to disable Iranian missiles and, early this summer, an attack on a database that the Iranian military runs to track ships in the Persian Gulf, disabling Iranian abilities to follow and seize them.
In recent weeks, United States Cyber Command was asked to develop options for retaliating against the missile and drone attacks on Saudi Arabia’s oil fields. Officials reported that a cyberstrike against Iran, which the United States and Saudi Arabia blamed for the attacks, was emerging as the most attractive option, in an effort to avoid the kind of escalation that might result from a more conventional strike.
So far, there is no evidence of such action, but it might take a while to gain access to Iranian computer networks, and the results might be subtle. Microsoft said little about the timing of the targeting of the campaigns and journalists, but there have been similar waves of such attacks over the past several years.
Security executives at the Democratic National Committee warned staff members in an email this week that Iranian hackers might be targeting their email accounts with so-called spearphishing attacks, in which hackers try to lure their target into clicking on a malicious link or attachment. That link or attachment can give attackers a foothold into a computer network.
The hackers were also believed to be interfering with an additional security feature known as two-factor authentication — a common security method that asks for credentials beyond a password — and were creating fake LinkedIn personas to make their email lures more believable.
After Russia’s interference in the 2016 presidential campaign, Democrats have repeatedly warned their Republican counterparts that election interference cuts both ways, and that state-sponsored hackers may not always seek to help the Republican candidate. To date, Senator Mitch McConnell of Kentucky, the majority leader, has refused to bring any election security bills to the floor.
Other cybersecurity firms said they were also witnessing what appeared to be the beginning stages of several different nation-state cyberattacks on American political campaigns.
Area 1, a Silicon Valley security company that is helping presidential and Senate candidates block phishing attacks, is witnessing cyberattacks against candidates across the political spectrum, said Oren Falkowitz, its chief executive.
“We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day,” Mr. Falkowitz said in an interview.
In July, Tom Burt, Microsoft’s corporate vice president, told an audience at the Aspen Security Conference that Microsoft had evidence that Russia, Iran and North Korea had been the most active nations conducting cyberattacks.
Mr. Burt said Russian, Iranian and North Korean hackers had been targeting nongovernmental organizations and think tanks that work closely with political campaigns in the United States. He added that in the race to infiltrate the inboxes of American political operatives and campaigns, Chinese hackers had been notably quiet.
