
Trump Campaign Blames Iranian Hack on Docs Leaked to Media

Anonymous Politico Source 'Robert' Shares Dossiers on Trump VP Options Vance, Rubio
Former President Donald Trump at the Republican National Convention on July 17, 2024, just days after he survived an assassination attempt and a few days before an anonymous source approached Politico with stolen campaign reports. (Image: Shutterstock)

A campaign official for former President Donald Trump said on Saturday that "foreign sources" stole sensitive documents including reports created to vet Trump's vice presidential nominees. The campaign blamed it on election interference by Iranian hackers but provided no evidence for the claim.

Politico reported Saturday that an anonymous source has been sharing internal Trump campaign documents with the news organization for weeks. "On July 22, Politico began receiving emails from an anonymous account. Over the course of the past few weeks, the person - who used an AOL email account and identified themselves only as 'Robert' - relayed what appeared to be internal communications from a senior Trump campaign official," Politico said.

In response to questions from Politico, Trump campaign spokesman Steven Cheung confirmed the breach and implied that Iranian hackers were responsible, citing a Microsoft report released Thursday that details election interference by foreign adversaries.

"These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process," Cheung told the publication. "A new report from Microsoft found that Iranian hackers broke into the account of a 'high ranking official' on the U.S. presidential campaign in June 2024, which coincides with the close timing of President Trump's selection of a vice presidential nominee."

In its report, Microsoft said several Iranian nation-state groups are stepping up information operations tied to election interference. Microsoft said a group it tracks as Mint Sandstorm, which is run by the Islamic Revolutionary Guard Corps intelligence unit, sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior adviser. The Microsoft security team said it notified the targeted officials.

"The phishing email contained a fake forward with a hyperlink that directs traffic through an actor-controlled domain before redirecting to the listed domain," Microsoft said, adding that the group, also known as Charming Kitten, unsuccessfully tried to log in to the account of a "former presidential candidate" on June 13, just prior to the phishing attempt.

The attack occurred just weeks after the same group successfully compromised the account of a county-level official in a swing state - although the incident may have been part of a broader password spray operation unconnected to Tehran election influence operations, it said.

"Regardless of the intent, this targeting is a reminder that senior policymakers should be cognizant of monitoring and following cybersecurity best practices even for legacy or archived infrastructure, as they can be ripe targets for threat actors seeking to collect intelligence, run cyber-enabled influence operations, or both," Microsoft said. The report also included examples of election influence by nation-state groups affiliated with Russia and China.

After the attempted assassination of Trump at a campaign rally July 13, campaign officials warned that Iran was plotting to kill the former president in retaliation for him ordering the 2020 drone strike that killed Qasem Soleimani, the top general in Iran's IRGC. An Iranian official denied that allegation, calling it "malicious."

"The Iranians know that President Trump will stop their reign of terror just like he did in his first four years in the White House," Cheung told The Hill.

Politico, which didn't say if it plans to release the reports from the anonymous source, described the document on GOP vice presidential nominee JD Vance, who's a U.S. senator from Ohio, as a 271-page "research dossier" based on "publicly available information about Vance's past record and statements, with some - such as his past criticisms of Trump - identified in the document as 'potential vulnerabilities.'" The source also sent a portion of a research document about U.S. Sen. Marco Rubio, R-Fla., who was reportedly a top contender for Trump's vice presidential pick.

The leak raises questions about the media's role in election influence campaigns led by foreign adversaries. Trump in 2016 publicly called on Russia to hack rival Hillary Clinton's deleted emails. Subsequently, hackers phished Clinton campaign manager John Podesta and stole thousands of emails, some of which contained embarrassing details about the campaign and its conflicts with Democratic rival Bernie Sanders, which were later leaked to the media just prior to the election. The Russian phishing attack, later confirmed by federal investigators, led to a special counsel investigation into Russian election interference and resulted in multiple indictments against Russian threat actors linked to the country's intelligence service.

The Trump spokesman said the media should refrain from publishing stolen campaign information. "Any media or news outlet reprinting documents or internal communications are doing the bidding of America's enemies and doing exactly what they want," Cheung said.

A National Security Council spokesperson told CBS News on Saturday that it will defer to the U.S. Department of Justice on the matter and that the "Biden-Harris administration strongly condemns any foreign government or entity who attempts to interfere in our electoral process or seeks to undermine confidence in our democratic institutions."

Politico said it doesn't know who the source is, and when the news organization asked how "Robert" obtained the documents, it reported that Robert responded by claiming: "I suggest you don't be curious about where I got them from. Any answer to this question, will compromise me and also legally restricts you from publishing them."


About the Author

Cal Harrison

Editorial Director, ISMG

Harrison helps ISMG readers gain new perspectives on the latest cybersecurity trends, research and emerging insights. A 30-year veteran writer and editor, he has served as an award-winning print and online journalist, mass communication professor and senior digital content strategist for DXC Technology, where he led thought leadership, case studies and the Threat Intelligence Report for the Fortune 500 firm's global security, cloud and IT infrastructure practices.



