The announcement by the Trump campaign followed inquiries from media outlets about an internal screening document regarding vice-presidential hopeful JD Vance that was leaked to them.
On Thursday, The Washington Post received a 271-page document, marked as “privileged & confidential,” from an unidentified AOL user using the alias “Robert.” Politico, which reported first on the Trump campaign’s statement, revealed that it had been receiving documents, including a vetting document about Vance, from a sender also using the name “Robert” since July 22.
According to the Trump campaign, a report released by Microsoft on Friday revealed evidence that hackers from Iran had attempted to access the email account of a “high-ranking official” from a U.S. presidential campaign in June, around the time Vance was chosen as Donald Trump’s running mate.
The company has chosen not to disclose the campaign’s name, but an individual familiar with Microsoft’s investigation confirmed that it referred to the Trump campaign.
U.S. officials have not yet verified the hacking of the campaign, and the campaign has not presented any proof of the breach or Iranian involvement.
Democratic Representative Eric Swalwell (Calif.), a key member of the House Homeland Security Committee’s cybersecurity subcommittee, expressed interest in a briefing from the Department of Homeland Security.
“Donald Trump is undoubtedly the most contemptible individual to ever run for office. He also actively solicited foreign interference in a previous election. Nonetheless, America shall never condone external meddling,” he stated on X.
Representative Adam Schiff (D-Calif.), former chair of the House Intelligence Committee, urged swift declassification of any data regarding the possible foreign aspect of the hack reported by the campaign.
“In 2016, the Intelligence Community was far too sluggish in identifying the hacking and dissemination scheme orchestrated by Russia to sow discord among Americans and favor the Trump campaign,” he wrote on X. “… The IC has made improvements since then, but must act promptly in this case.”
He urged both factions to denounce the alleged breach. “Back in 2016, the Trump campaign welcomed and took advantage of Russian intervention, then tried to deny it, greatly harming the nation,” he declared.
Multiple requests for comment to the Harris-Walz campaign have gone unanswered.
Since 2016, Democratic campaigns and related groups have prioritized bolstering security measures and invested heavily in fortifying systems to defend against breaches and other cyber risks.
The Republican presidential nominee, Trump, shared on his Truth Social platform that his campaign was notified by Microsoft about a hack on one of its websites by the Iranian regime. He further claimed that only information available to the public was taken.
“Microsoft Corporation just informed us that one of our numerous websites fell victim to an Iranian Government hack – not a pleasant surprise!” he wrote on the platform late Saturday.
“They could only access information already in the public domain, but still, such activities should not be condoned. Iran and other entities will stop at nothing, exploiting our government’s weaknesses, but not for long,” he remarked.
According to Microsoft and other security firms, an Iranian group linked to the June attack on a presidential campaign is affiliated with the Iranian Revolutionary Guard Corps.
While Microsoft did not confirm that the Trump campaign was targeted, the tech behemoth stated on Friday that Iranian hackers compromised a former adviser’s email account and sent a phishing message with a malicious link to a current campaign official.
The Iranian hacker group employed a similar tactic in 2021 against a U.S. official’s press secretary, according to email security provider Proofpoint. Additionally, the group has developed custom malware for more discreet attacks.
Joshua Miller, a researcher at Proofpoint, highlighted that the Iranian group is actively targeting U.S. politicians and campaign staff, often masquerading as journalists to approach their targets.
The document sent to The Post was an internal assessment by the Vance campaign on potential weaknesses, dated Feb. 23 and prepared by the Brand Woodward law firm. Although it was based on public information, the report itself was an unpublished internal document.
In a statement on Saturday, a spokesperson for the National Security Council firmly denounced any foreign entity or government that tries to meddle in the electoral process or undermine trust in democratic institutions.
In a statement on Saturday, the FBI acknowledged the media reports and declined to comment.
News of the breach surfaced during Def Con, the yearly hacking and security event that attracts thousands to Las Vegas each summer.
Numerous attendees interviewed voiced concern about what might come next.
Some speculated that if Iranian hackers were indeed involved, they might have acquired more data than news outlets have disclosed and might intend to release additional information through mainstream or less reputable news platforms, which are increasingly filled with content largely duplicated from other sources.
“‘Pink slime’ and illegitimate websites are part of their tactics, leading to the possibility of information being shared on alternative platforms if U.S. media outlets exercise caution,” according to Chris Krebs, the founding head of the Cybersecurity and Infrastructure Security Agency, who dealt with disinformation surrounding the 2020 election, during an interview with The Post. “Dual strategies are within the realm of possibility.”
Earlier, Krebs posted on X, speculating that there might be an attempt to replicate the interference seen during the 2016 campaign, when, as U.S. intelligence agencies confirmed, Russia interfered in the election through the hacking and release of internal Democratic documents. In his post, he wrote: “Parallels can be drawn to tactics used in 2016, with ongoing efforts to provoke societal unrest and target electoral systems — a strong resilience measure is ensuring 95% of votes are cast on paper ballots and conducting regular audits. However, the essence of the chaos remains the same.”
Several email security experts have pointed out that publicly available email exchanges suggest the campaign team’s email accounts lacked proper protection. For instance, a Trump-related address lacked common security measures such as DMARC, weakening recipients’ ability to verify that mail claiming to come from that address was genuine.
The Trump campaign did not promptly respond to a query regarding its email security practices.
While Iran has escalated its sophisticated cyber operations since the 2020 election, former U.S. officials indicated that their scale and extent are overshadowed by those of Russia, which may have already infiltrated one or more campaigns.
Most experts anticipate a surge in hacking incidents and data leaks as the election approaches, with the unpredictability lying in how both the public and media respond to minor revelations.
Jake Braun, who recently departed from the White House after serving as the acting principal deputy national cyber director, stated, “Regrettably, this level of threat is not a deviation from the norm but rather the usual state of affairs.”
Recent reports from various government and industry sources have highlighted the growing propaganda surrounding the election from entities in Russia and Iran, indicating that platforms used for promoting political agendas could also be utilized to disseminate data obtained through breaches.
Contributors to this report: Josh Dawsey, Isaac Arnsdorf, Devlin Barrett, and Tyler Pager.
