Two years before Iranian hackers breached Donald Trump’s campaign — just over a month ago — they used a similar strategy to target a former government official and former confidant of John Bolton, Trump’s national security adviser and a prominent critic of Iran.
After infiltrating the person’s email account, the hackers sent what appeared to be a harmless request to a group of fellow US-based Iran experts, asking them to review an alleged book the person was writing about the Iranian and North Korean nuclear programs.
“I am close to finishing the manuscript and have started asking experts like yourselves to review the chapters,” read the June 2022 email, a copy of which was obtained by CNN.
The email encouraged half a dozen recipients to click on a link that promised to take them to the alleged manuscript. Instead, it contained malicious code that would have given the hackers unrestricted access to the targets’ computers.
Shortly after the email was sent, the person notified the FBI and warned colleagues in a subsequent email about a “very sophisticated hacker” who was impersonating them.
A CNN analysis of the hacking group, which experts believe works on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC), reveals previously undisclosed details of the hackers’ multi-year operation, including how they targeted former members of the Trump and Biden administrations.
Along with the June 2022 incident, CNN also learned that earlier this year, the same hacking group targeted a former senior Biden administration diplomat in the Middle East with a nearly identical phishing scheme.
In April, the former diplomat received a seemingly innocuous email from someone who introduced himself as an academic at a prominent Washington, DC, think tank.
“Dear Ambassador,” the email began, according to a copy obtained by CNN. The message went on to explain that the think tank was investigating the “evolving dynamics of the Israel-Palestine situation” and “would be honored if you could spare an hour of your time for a discussion.”
It is unclear whether the hacking effort was successful. Contacted by CNN, the former diplomat declined to comment. But access to his email account would likely provide a valuable base from which hackers could target Democratic foreign policy circles through a similar impersonation scheme.
Sowing discord
Iran’s quiet but relentless effort to hack current and former U.S. officials across multiple administrations has drawn new attention from U.S. intelligence agencies in recent weeks as Iran has emerged as one of the most aggressive foreign powers trying to sow discord ahead of the 2024 presidential election.
In June, the same group of IRGC-linked hackers targeted the Trump campaign, stealing internal campaign documents and sharing them with news organizations. The hackers breached the email account of longtime Trump ally Roger Stone to target campaign staff, CNN reported.
Iran’s adoption of a hack-and-leak playbook that Russia used to attack the 2016 election has put U.S. officials on high alert about what Tehran might do next.
“The realization of a hack-and-leak clearly shows not only cyber means, but an intention to fuel social divisions and use them against us,” a senior US official monitoring the activity told CNN. “Iran is increasingly willing to do so and we must remain resilient to these efforts.”
Iran has consistently denied US allegations of cyberattacks, including the accusation by US intelligence agencies that it had conducted a hack-and-leak targeting the elections.
U.S. intelligence officials are nervous, in part because it is difficult to know when Iran would use the access it may have gained to the email accounts of current and former U.S. officials, whether to gather more information, leak documents or try to sow discord through other tactics.
Iran’s unpredictability in cyberspace is a mystery to U.S. officials, who have blamed Tehran for a 2021 cyberattack on Boston Children’s Hospital and the creation of a website in 2020 that threatened U.S. election officials by placing targets over photographs of their faces.
Iran’s hacking program is not as advanced as those of China, Russia or the United States, but Tehran has built a capable cadre of cyber actors who have regularly attacked critical infrastructure in the United States and the Middle East over the past decade and a half, experts say.
A senior FBI counterintelligence official shed light on Iran’s modus operandi last year in a rare interview.
“As Iran has a much smaller presence than [other U.S. rivals and adversaries] in the US because of sanctions and the state of relations, they have to be more creative about how they gather the information they are looking for,” the FBI official told CNN. “Therefore, cybersecurity is a fundamental tool for them.”
By going after the email correspondence of journalists, think tanks and former U.S. officials, the hacking group has demonstrated “a desire to know what’s not being published … what’s being withheld,” said Josh Miller, a former FBI analyst who now tracks Iranian hacking groups at the email security firm Proofpoint. “Because that has a lot of intelligence value.”

Hackers and killers
There is a darker element to some Iranian cyber activity that goes far beyond traditional espionage. IRGC-linked hackers appear to have a broad mandate to collect data that the Iranian regime might consider useful for kidnapping and assassination plots.
In November 2022, the head of the UK’s MI5 spy agency gave a rare public speech in which he revealed that there had been at least 10 “potential threats” by Iran to kidnap or kill people in the UK that year alone. At least one of those plots was aided by Iranian hacking efforts, a UK official told CNN.
Masih Alinejad, a US-based Iranian journalist who has been the target of multiple assassination plots, told CNN that for the past year she has been receiving an almost daily stream of text messages and emails from hackers trying to break into her phone.
“They will not leave me alone because I have the biggest social media platform among all the opposition leaders, all the opposition activists,” Alinejad said.
Other Iranian expats said they had been targeted by suspected IRGC-linked hackers but refused to say so publicly out of fear for their safety or privacy.
The former Trump official whose account was used in 2022 to target Iran critics was hacked just months before the Justice Department charged an IRGC member with trying to kill Bolton. One possible reason the hackers targeted the former official was to try to track Bolton’s movements as part of the assassination plot, Proofpoint’s Miller told CNN.
Bolton is just one of several former Trump administration officials — including the former president himself — who Iran allegedly plotted to kill to avenge the 2020 U.S. assassination of top IRGC commander Qasem Soleimani (Iran denies allegations of an assassination plot).
The number of Iranian “external operations” in various countries (defined as plots to kidnap, kill, surveil or intimidate targets) has increased since Soleimani’s assassination, according to a study by the Washington Institute for Near East Policy. The think tank has recorded 115 such operations since Soleimani’s death, more than half the total number of operations since the founding of the Islamic Republic of Iran in 1979.
“In recent years, Iranian cyber activity has shifted from purely espionage to efforts to collect actionable information about the location and movements of people Iran seeks to target,” Matthew Levitt, head of the counterterrorism and intelligence program at the Washington Institute for Near East Policy, told CNN. “This typically involves creating fake personas and penetrating computers to be able to remain on the systems for long periods of time and collect information.”
This election cycle, the FBI has already investigated both an Iranian hack of Trump’s campaign and an alleged Iranian plot to kill the candidate himself. While the activities are separate, U.S. authorities believe they stem from a uniquely desperate regime.
“Iran considers this year’s elections to be particularly important in terms of the impact they could have on its national security interests, increasing Tehran’s inclination to try to shape the outcome,” U.S. intelligence and security agencies, including the FBI, said in an Aug. 19 report.
This content was originally published in Exclusive: Iran sets up hacking structure for US election; check out details on the CNN Brasil website.
Source: CNN Brasil

Bruce Belcher is a seasoned author with over 5 years of experience in world news. He writes for online news websites and provides in-depth analysis on the world stock market. Bruce is known for his insightful perspectives and commitment to keeping the public informed.