Iran has been targeting current and former US officials with hacking attempts in recent years. The Islamic Revolutionary Guard Corps (IRGC) has been linked to these efforts. In June 2022, IRGC hackers posed as a scholar to target a former Trump administration official close to John Bolton.
They sent emails with malicious links to the official’s colleagues, claiming to be seeking feedback on a book about Iran and North Korea’s nuclear programs. Earlier this year, the same group targeted a former senior Biden administration diplomat in the Middle East. They posed as a think tank scholar seeking insights on Israel-Palestine dynamics.
It’s unclear if this attempt succeeded. US intelligence is concerned about Iran’s growing cyber capabilities and willingness to exploit societal divides. Iran has denied allegations of cyberattacks against the US.
The IRGC’s hacking efforts support plots to kidnap or assassinate targets, including collecting data on their locations and movements. Iranian journalist Masih Alinejad and other expatriates face constant hacking attempts and threats.
Iranian cyberattacks on US officials
Iran’s external operations to intimidate and harm targets have surged since the 2020 US killing of IRGC commander Qasem Soleimani. The IRGC perceives the 2024 US elections as pivotal to its interests. According to Meta, an Iranian group called “Mint Sandstorm” used WhatsApp to target Trump and Biden officials with fake tech support messages.
The campaign, tied to the IRGC, aimed to trick targets into disclosing information. Both the Trump and Biden campaigns were targeted, but the Biden campaign says it was not breached. Iran successfully hacked the Trump campaign, and media outlets obtained some of the stolen documents.
More hacked files could emerge before the election. Meta blocked the malicious WhatsApp accounts and informed law enforcement and industry peers. APT42, the group behind the campaign, has previously targeted Middle Eastern military personnel, activists, journalists, and others worldwide.
Meta encourages public figures and campaigns to stay vigilant, use security settings, and report suspicious activity. The company continues to monitor threats and take action against malicious attempts.