Almost exactly four years after Russian operatives hacked into the email accounts of prominent Democrats ahead of the 2016 election, Google confirmed on Thursday that foreign adversaries are still at it.
Chinese-backed hackers were observed targeting former Vice President Joe Biden's campaign staff, and Iranian-backed hackers were seen targeting President Trump's campaign staff. Both were targeted with phishing attacks, according to Shane Huntley, the head of Google's Threat Analysis Group.
He said there was no sign the attempts were successful.
Huntley made the announcement on Twitter, and also said Google passed the information onto federal law enforcement.
Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement. https://t.co/ozlRL4SwhG— Shane Huntley (@ShaneHuntley) June 4, 2020
"Phishing" is when an attacker sends an email to a target often disguised as one meant to appear from a trusted source. The message can include a link designed to trick the target to click and download malicious software, or point the target to a website controlled by the attacker that might try to capture information.
Google's announcement provided a reminder that Russia's interference game plan from the 2016 election is out in the open, and that other countries could attempt to replicate some or all of it this presidential election cycle.
In a statement, the Biden campaign said Google had notified it of the attempted intrusions.
"We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them," the campaign said in a statement. "Biden for President takes cybersecurity seriously. We will remain vigilant against these threats and will ensure that the campaign's assets are secured."
The Trump campaign had not responded to a request for comment at the time this story was ready to be published.
The intrusion attempts aren't the first of this election cycle.
Earlier this year, The New York Times reported that Russia hacked the Ukrainian gas company that paid Biden's son for a time. Microsoft announced last year that Iranian hackers were targeting Trump campaign staffers as well as journalists and current and former U.S. officials.
All of this comes as no surprise to the election security community, which has been saying for years that campaigns are potentially the most vulnerable part of the election ecosystem.
They often don't have the time or money to develop long-term security plans. And they're bringing in new staff all the time without training. Those staffers and sometimes volunteers may also be using their own equipment or accounts.
"The irony of campaigns is they are the grittiest and least-resourced startups that are out there, but they're incredibly valuable targets," said Robby Mook, Hilary Clinton's 2016 campaign manager, in comments to NPR in 2018.
Since the 2016 election, however, there has been recognition of the problem from both political parties. The Democratic National Committee in particular has made a public showing of releasing campaign cybersecurity checklists, after it came under intense scrutiny for its cyber failings in 2016.
Russian influence specialists in 2016 released material stolen from Democrats and embarrassed the party's leaders, costing its chairwoman her job and at times changing the focus of the campaign.
But attackers also continue to grow more advanced, says Aaron Higbee, the co-founder of the cybersecurity firm Cofense, which focuses on phishing defense.
Higbee recently encountered a phishing email sent by the same Russian hacking group that broke into the account of Clinton campaign chairman John Podesta in 2016. Higbee said the new message made the 2016 phishing attack look simple in hindsight.
"What that says to me is they didn't have to try that hard to hack the 2016 election," said Higbee. "They're certainly more capable, and that's what we should be looking out for."