Microsoft’s cyber threat assessment unit said on Aug. 9 that a high-ranking official on a U.S. presidential campaign had been hacked by an Iran-backed group. The Trump campaign later revealed that it had been the target of a cyber attack and linked the breach to “foreign sources hostile to the United States.”
The report from the Microsoft Threat Analysis Center (MTAC) indicates that an Iranian group called Mint Sandstorm that is connected to the Islamic Revolutionary Guard Corps sent a spear phishing email in June to a high-ranking official on a presidential campaign from the compromised email account belonging to a former senior campaign adviser.
“Mint Sandstorm similarly targeted a presidential campaign in May and June 2020 five to six months ahead of the last U.S. presidential election,” MTAC said, adding that the same group also tried but failed to breach an account belonging to a former presidential candidate.
No details were released on the official’s identity, but Microsoft’s threat assessment team said that the Iranian-linked breaches related to increasing attempts to influence the U.S. presidential election in November.
“This recent cyber-enabled influence activity arises from a combination of actors which are conducting initial cyber reconnaissance and seeding online personas and websites into the information space,” according to the report.
Following the release of the report, the Trump 2024 presidential campaign confirmed that it had been the target of a cyberattack in which campaign documents were stolen.
The breach, which Trump campaign spokesperson Steven Cheung told Politico on Aug. 10 has been attributed to “foreign sources hostile to the United States,” marks a significant development in the area of foreign interference in U.S. elections as the race for the White House heats up.
Politico reported that, on July 22, it began receiving emails from an anonymous source using the alias “Robert.” The emails reportedly contained internal documents from the Trump campaign, including a 271-page research dossier on Sen. JD Vance (R-Ohio), who was vetted as a potential vice presidential nominee and later chosen as former President Donald Trump’s running mate.
Cheung pointed to the Microsoft report and its finding that Iranian hackers had broken into the account of a high-ranking official on the U.S. presidential campaign as evidence of involvement of a foreign hostile power in the Trump campaign breach.
“These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our democratic process,” Cheung told the outlet.
He also linked the timing of the breach to reports of Iranian plots against Trump, who remains a target of Iranian hostility after ordering the 2020 assassination of Iranian General Qassem Soleimani.
Cheung, who did not immediately respond to a request from The Epoch Times for more details of the development, declined to tell Politico whether the Trump campaign had contacted law enforcement regarding the breach.
U.S. intelligence officials recently stated that Iran had been hard at work sowing political discord in the United States via the use of clandestine or ghost social media accounts. Iran has denied that such practices are taking place and said that any actions against the United States are purely defensive and do not involve cyber attacks.
The Office of the Director of National Intelligence (ODNI) released a statement in July confirming that Iranian groups had targeted the U.S. political campaign, specifically that of Trump, to influence the upcoming election.
The U.S. intelligence community “has observed Tehran working to influence the presidential election, probably because Iranian leaders want to avoid an outcome they perceive would increase tensions with the United States,” the statement reads.
Microsoft’s report said that the hackers’ activity also covered a wider scope, including gaining intelligence on U.S. political campaigns, which allowed Iranian groups to target political swing states in the United States.
The report also stated that the previous breach involving the county official, which took place in May, was part of a wider “password spray operation.” In this type of operation, hackers try common or leaked passwords against multiple accounts until they find a match and break into one.
The report confirmed that no other accounts were compromised through the breach and that all other targeted officials were notified of the cyber attack.