WASHINGTON – Suspected attempts by Iranian hackers to infiltrate US presidential campaigns have touched off a widening federal investigation into the first major effort by a foreign actor to disrupt the November election.
Investigators believe that attackers tied to Iran succeeded in hacking Republican nominee Donald Trump’s campaign and gained access to internal documents, according to a US law enforcement official who discussed the matter on condition of anonymity.
The intruders also tried to breach the campaigns of Vice-President Kamala Harris and President Joe Biden, before his departure from the race, but it is unclear whether the attempted hacks on Democrats succeeded, the official said.
The inquiry, led by the Federal Bureau of Investigation (FBI), emerged after a report from Microsoft last week described efforts by the Iranian government to access e-mail accounts of presidential campaign staff. Microsoft said the attacks were pulled off by a hacking cell dubbed Mint Sandstorm that is linked to Iran’s Islamic Revolutionary Guard.
Allegations of an Iranian hacking effort come just weeks after US intelligence officials warned that foreign adversaries – including Iran and Russia – would seek to influence the 2024 election in ways that favour their interests. That includes recruiting Americans to spread propaganda, according to the Office of the Director of National Intelligence.
Microsoft’s report did not identify the campaigns targeted by Iran, but said it had notified affected parties. Trump acknowledged the breach in a post on his Truth Social network, where he cast the intrusion as attempted election interference. The law enforcement official confirmed that the Microsoft report was in line with the ongoing inquiry.
A Harris campaign official said that its legal and security teams were notified in July by the FBI that it had been targeted by a foreign influence operation. The campaign is unaware of any breaches to its systems and remains in touch with the authorities, the official said on condition of anonymity to discuss a security issue.
Iran’s mission to the UN has disputed the allegations. “We do not accord any credence to such reports,” it said in a statement. “The Iranian government neither possesses nor harbours any intent or motive to interfere in the United States presidential election.”
US officials and cyber-security experts believe Iran’s government is seeking to undermine Trump’s candidacy after he antagonised Tehran during his first term in office.
While president, Trump scrapped an international nuclear deal with Iran, imposed severe sanctions on the Islamic Republic and ordered the killing of Qassem Soleimani, the head of Iran’s Revolutionary Guard Corps.
“The regime sees Trump as militantly hawkish on Iran and probably has a preference for Harris, just based on the history of Trump’s relationship with Iran,” said Mr David Salvo, managing director at the German Marshall Fund’s Alliance for Securing Democracy.
The news comes as US officials brace themselves for a possible attack by Iran against Israel in retaliation for the killing of Hamas leader Ismail Haniyeh in July in Tehran, as the conflict in Gaza threatened to escalate into a wider regional confrontation.
“The war in Gaza is ample fuel for the Iranian regime to want to step up their information operations against us,” Mr Salvo said. “This election has real consequences for the Middle East.”
Iran has tried to disrupt past US elections. In 2020, its operatives impersonated members of the right-wing Proud Boys group as part of a voter intimidation effort, according to the FBI, resulting in charges against two men.
That same year, Iranian hackers breached a website that a municipal government in the US used to publish election results, though the attackers were caught before carrying out any nefarious activity, US officials said.
The FBI had no immediate comment. A spokesperson for the Cybersecurity and Infrastructure Security Agency (Cisa) referred questions about the hack of the Trump campaign to the Justice Department.
Microsoft cited a so-called spearphishing e-mail sent in June to “a high-ranking official on a presidential campaign from the compromised e-mail account” of an unidentified former Trump adviser.
While Microsoft’s report did not name him, Mr Roger Stone, a close Trump associate, was told by FBI and Microsoft officials months ago that two of his e-mail accounts had been breached by a foreign state actor, according to a person familiar with the matter.
The federal authorities told Mr Stone that the hackers’ aim was to use his e-mail accounts to send phishing e-mails to people within the Trump campaign, the person said. Mr Stone seldom uses the accounts and does not know how they might have been accessed, the person said, adding that Mr Stone is cooperating with the authorities.
The hack of Trump’s campaign was first reported by Politico, which said last week it began receiving e-mails in July containing purported internal campaign documents from an anonymous account. Those files included a dossier on Senator J.D. Vance, Trump’s vice-presidential pick, according to Politico.
In his Truth Social post, Trump insisted that only “publicly available information” had been affected, and his campaign warned media outlets not to publish any materials they received from the breach.
Nation-state hackers have previously used e-mail attacks to infiltrate American political campaigns, such as the Russian hack in 2016, when a state-sponsored group obtained internal e-mails from Mrs Hillary Clinton’s staff that were later published by WikiLeaks. It is unclear whether the material sent to Politico and other news organisations came via the suspected Iranian hackers.
For US adversaries, the goal is to sow chaos, said Mr Christopher Krebs, a former Cisa director.
“It’s undermining our confidence in our government’s ability and democracy in general to provide us the basic services and look out for us,” Mr Krebs told PBS News Hour. BLOOMBERG