By Chris Strohm, Natalia Drozdiak and Jeff Stone
Suspected attempts by Iranian hackers to infiltrate US presidential campaigns have touched off a widening federal investigation into the first major effort by a foreign actor to disrupt the November election.
Investigators believe that attackers tied to Iran succeeded in hacking Republican nominee Donald Trump’s campaign and gained access to internal documents, according to a US law enforcement official who discussed the matter on condition of anonymity. The intruders also tried to breach the campaigns of Vice President Kamala Harris and President Joe Biden, before his departure from the race, but it’s unclear whether the attempted hacks on Democrats succeeded, the official said.
The inquiry, led by the Federal Bureau of Investigation, emerged after a report from Microsoft Corp. last week described efforts by the Iranian government to access email accounts of presidential campaign staff members. Microsoft said the attacks were pulled off by a hacking cell dubbed Mint Sandstorm that’s linked to Iran’s Islamic Revolutionary Guard.
Allegations of an Iranian hacking effort come just weeks after US intelligence officials warned that foreign adversaries — including Iran and Russia — would seek to influence the 2024 election in ways that favor their interests. That includes recruiting Americans to spread propaganda, according to the Office of the Director of National Intelligence.
Microsoft’s report didn’t identify the campaigns targeted by Iran, but said it had notified affected parties. Trump acknowledged the breach in a post on his Truth Social network, where he cast the intrusion as attempted election interference. The law enforcement official confirmed that the Microsoft report was in line with the ongoing inquiry.
More From This Section
A Harris campaign official said that its legal and security teams were notified last month by the FBI that it had been targeted by a foreign influence operation. The campaign is unaware of any breaches to its systems and remains in touch with authorities, the official said on condition of anonymity to discuss a security issue.
Iran’s mission to the United Nations has disputed the allegations. “We do not accord any credence to such reports,” the mission said in a statement. “The Iranian Government neither possesses nor harbors any intent or motive to interfere in the United States presidential election.”
US officials and cybersecurity experts believe Iran’s government is seeking to undermine Trump’s candidacy after he antagonised Tehran during his first term in office. While president, Trump scrapped an international nuclear deal with Iran, imposed severe sanctions on the Islamic Republic and ordered the killing of Qassem Soleimani, the head of Iran’s Revolutionary Guard Corps.
“The regime sees Trump as militantly hawkish on Iran and probably has a preference for Harris, just based on the history of Trump’s relationship with Iran,” said David Salvo, managing director at the German Marshall Fund’s Alliance for Securing Democracy.
The news comes as US officials brace for a possible attack by Iran against Israel in retaliation for the killing of Hamas leader Ismail Haniyeh last month in Tehran, as the conflict in Gaza threatened to escalate into a wider regional confrontation.
“The war in Gaza is ample fuel for the Iranian regime to want to step up their information operations against us,” Salvo said. “This election has real consequences for the Middle East.”
Iran has tried to disrupt past US elections. In 2020, its operatives impersonated members of the right-wing Proud Boys group as part of a voter intimidation effort, according to the FBI, resulting in charges against two men. That same year, Iranian hackers breached a website that a municipal government in the US used to publish election results, though the attackers were caught before carrying out any nefarious activity, US officials said.
The FBI had no immediate comment. A spokesperson for the Cybersecurity and Infrastructure Security Agency referred questions about the hack of the Trump campaign to the Justice Department.
Microsoft cited a so-called spearphishing email sent in June to “a high-ranking official on a presidential campaign from the compromised email account” of an unidentified former Trump adviser. While Microsoft’s report did not name him, Roger Stone, a close Trump associate, was told by FBI and Microsoft officials months ago that two of his email accounts had been breached by a foreign state actor, according to a person familiar with the matter.
Federal authorities told Stone that the hackers’ aim was to use his email accounts to send phishing emails to people within the Trump campaign, the person said. Stone seldom uses the accounts and doesn’t know how they might have been accessed, the person said, adding that Stone is cooperating with authorities.
The hack of Trump’s campaign was first reported by Politico, which said last week it began receiving emails last month containing purported internal campaign documents from an anonymous account. Those files included a dossier on Senator JD Vance, Trump’s vice presidential pick, according to Politico.
In his Truth Social post, Trump insisted that only “publicly available information” had been affected, and his campaign warned media outlets not to publish any materials they received from the breach.
Nation-state hackers have previously used email attacks to infiltrate American political campaigns, such as the Russian hack in 2016, when a state-sponsored group obtained internal emails from Hillary Clinton’s staffers that were later published by WikiLeaks. It’s unclear whether the material sent to Politico and other news organisations came via the suspected Iranian hackers.
For US adversaries, the goal is to sow chaos, said Christopher Krebs, a former CISA director.
“It’s undermining our confidence in our government’s ability and democracy in general to provide us the basic services and look out for us,” Krebs told PBS News Hour.