NewsBite

Russia wants a Trump return but latest hacking case shows Iran wants him to lose

By David E. Sanger and Michael Gold

For the third presidential election in a row, the foreign hacking of the campaigns has begun in earnest. But this time, it’s the Iranians, not the Russians, making the first significant move.

On Friday, Microsoft released a report declaring that a hacking group run by the intelligence unit of Iran’s Revolutionary Guard had breached the account of a “former senior adviser” to a presidential campaign. From that account, Microsoft said, the group sent fake email messages, known as “spear phishing”, to “a high-ranking official of a presidential campaign” in an effort to break into the campaign’s accounts and databases.

Former president Donald Trump prepares to board a flight from Florida to a campaign rally in North Carolina. Credit: New York Times

By Saturday night, former president Donald Trump was declaring on his Truth Social platform that Microsoft had informed his campaign “that one of our many websites was hacked by the Iranian Government – Never a nice thing to do!” but that the hackers had obtained only publicly available information. He attributed it all to what he called, in his signature selective capitalisation, a “Weak and Ineffective” Biden administration.

The facts were murkier, and it is unclear what, if anything, the Iranian group, which Microsoft called Mint Sandstorm, was able to achieve.

Trump’s campaign was already blaming “foreign sources hostile to the United States” for a leak of internal documents that Politico reported on Saturday that it had received, though it is unclear whether those documents emerged from the Iranian efforts or were part of an unrelated leak from inside the campaign.

The New York Times received what appears to be a similar if not identical trove of data from an anonymous tipster purporting to be the same person who emailed the documents to Politico.

Either way, the events of the past few days may well portend a more intense period of foreign interference in a race whose sudden turns, and changes of candidates, could have thrown the hackers off their plans.

Russia has so far played a relatively minor role, investigators and cybersecurity experts say, focusing instead on seeking to undermine the Olympics, from which it was barred from fielding its own team, and support for Ukraine. While American intelligence officials say they have little doubt Russia wants to see Trump return to office, they say Chinese hackers seem uncertain how to play the election; they have reason to dislike Trump and Vice President Kamala Harris.

There is little doubt, investigators say, that the Iranians want Trump defeated. As president, he withdrew from the 2015 nuclear deal, reimposed economic sanctions on Iran and then, in January 2020, ordered the killing in Iraq of Major General Qassem Soleimani, commander of the Quds Force, a clandestine wing of the Revolutionary Guard responsible for foreign operations.

Four years later, the Revolutionary Guard appears still determined to avenge Soleimani’s death. Last week, the Justice Department said it had charged a Pakistani man who had recently visited Iran, accusing him of trying to hire a hit man to assassinate political figures in the US, most likely including Trump. (There is no evidence that Iran was involved in the July 13 attempt on Trump’s life in Butler, Pennsylvania.)

Trump often casts his actions against Iran as evidence of his strength, despite the fact his exit from the Iran deal gave Tehran an opening to rebuild a nuclear program that had been hobbled by the 2015 agreement. Still, the combination of the hack and the hit men looking for Trump and his former aides gave the former president an obvious foil, and he was using it at the weekend to make the case that the Iranians would prefer a continuation of the Biden-Harris administration.

Microsoft stopped short of saying the hacking effort it detected was focused on Trump’s campaign, though the campaign itself said that was the case. In an interview, Tom Burt, head of the company’s customer security and trust team, said that in June, “the Iranian team associated with Iranian intelligence” operations of the Revolutionary Guard breached the email account of a former Trump campaign adviser, whom the company did not name. From that account, he said, the Iranians sent a spear phishing email to an official of a presidential campaign.

While it would have appeared to the recipient to have come from the former Trump campaign adviser, Burt refused to say whether the targeted campaign was also Trump’s. By long-established practice, Microsoft says, it can reveal such details only with the permission of the victim of an attack.

In many ways, the effort was similar in technique to what Iran attempted when it sought to interfere in the 2020 presidential campaign. This time, however, the Iranian effort looks to have been more sophisticated – namely, through the hacking of a trusted intermediary – suggesting the hackers learnt something from what the Russians accomplished in past campaigns, notably in 2016.

But Burt said the company could not determine whether the effort was successful in penetrating the campaign it targeted.

The documents sent to Politico, as it described them, and to The New York Times included research about and assessments of potential vice-presidential nominees, including Senator J.D. Vance, whom Trump ultimately selected. Like many such vetting documents, they contained past statements with the potential to be embarrassing or damaging, such as Vance’s remarks casting aspersions on Trump.

In a statement on Saturday, Trump campaign spokesman Steven Cheung pre-emptively chastised outlets that reported on any information that was improperly obtained.

“Any media or news outlet reprinting documents or internal communications are doing the bidding of America’s enemies and doing exactly what they want,” he wrote.

The 2016 election that Trump won was marked by similar “hack and leak” efforts after Russian hackers broke into the email accounts of top Democratic officials. Leaked emails showed the internal workings of the party and of Hillary Clinton’s campaign. They also revealed criticisms of Clinton by aides, and a trove of them was published by WikiLeaks in the final weeks of the presidential race.

Seeking an edge then, Trump’s campaign seized on the emails – many of them from Clinton’s campaign chair, John Podesta. “We love WikiLeaks,” Trump declared at the time.

This article originally appeared in The New York Times.

Original URL: https://www.theage.com.au/link/follow-20170101-p5k1u0