Foreign hackers are targeting campaign staffs for both President Donald Trump and Democratic rival Joe Biden ahead of the November US election.
The news was revealed by Google in a series of tweets published by Google’s threat analysis chief Shane Huntley.
Google TAG revealed that China-linked cyberespionage group APT31 is targeting Biden campaign staff, while the Iran-linked APT35 group is targeting Trump campaign staff with spear-phishing attacks.
Huntley invites people involved in campaigns for this election to use the best protection they can, including two factor authentication or Advanced Protection.
The good news is that there is no sign of compromise. anyway, Google already informed its users and informed law enforcement.
Google urges candidates and members of campaigns to improve their security and protect their information.
“From candidates to canvassers, every member of a campaign should understand how to add extra layers of security and protect their information. We recommend everyone associated with political campaigns enroll in our Advanced Protection Program, which bundles all our strongest Google Account security options together.” reads a post published by Google in February. “Advanced Protection is available for both personal and G Suite accounts and we recommend campaign members enroll both types of accounts in the program, which they can now enroll instantly with their Android or iPhone.”
US government fears the influence of foreign hackers and wants to avoid incidents like the 2016 Democratic National Convention (DNC) hack that had a serious impact on 2016 Presidential election.
“This is a major disclosure of potential cyber-enabled influence operations, just as we saw in 2016,” said Graham Brookie, director of the Atlantic Council’s Digital Forensics Research Lab, warning of future potential influence operations.
Huntley added that Google is offering free physical security key hardware and other assistance to US presidential and congressional campaigns.
(SecurityAffairs – foreign hackers, cybersecurity)