Researchers at Microsoft revealed on Friday that hackers linked to the Iranian government attempted to breach the account of a "senior official" in a U.S. presidential campaign in June, weeks after the hack of a U.S. official’s account at the county level. In a report that gave no further details about the identity of this "official", the researchers stated that the breaches were part of increasing efforts by Iranian groups to influence the upcoming U.S. presidential election scheduled for November.
This report follows recent statements from high-ranking U.S. intelligence officials who noted that Iran is intensifying the use of covert social media accounts to exploit political disputes in the United States. The Iranian mission to the United Nations in New York stated that its cyber capabilities are "defensive and proportionate to the threats it faces" and that it does not plan to launch cyber attacks. In response to the accusations mentioned in the Microsoft report, the mission added: "The U.S. presidential elections are an internal matter in which Iran does not interfere."
The report detailed that a group managed by the Iranian Revolutionary Guard’s intelligence unit sent a phishing email to a senior official in a presidential campaign, and "another group tied to the Revolutionary Guard hacked a user account operating under the principle of least privilege at the county government level." It indicated that this activity appeared to be part of a broader campaign by Iranian groups to gather intelligence on U.S. political campaigns and target swing states.
Furthermore, the report noted that the county-level employee's account was hacked in May as part of a larger "credential stuffing" operation, in which hackers try commonly leaked passwords across multiple accounts in order to compromise one. The report stated that the hackers were unable to access any other accounts through this breach and that the targets have been notified.