US Officials Say Iran Sent Fake Emails To Damage Trump; Democrats Object

US media is report­ing that nation­al secu­ri­ty offi­cials have accused Iran of try­ing to inter­fere with the upcom­ing US elec­tions by send­ing vot­ers fake emails intend­ed to look like they had been sent by the Proud Boys, a far-right, pro-Trump group. Accord­ing to a Wash­ing­ton Post report, Demo­c­ra­t­ic lead­ers object­ed to the asser­tion by the Direc­tor of Nation­al Intel­li­gence that the emails were designed to hurt Pres­i­dent Trump:

Oct. 22, 2020  At a hasti­ly assem­bled news con­fer­ence on Wednes­day, nation­al secu­ri­ty offi­cials accused Iran of attempt­ing to inter­fere in the U. S. elec­tion by send­ing vot­ers fake emails made to look like they had been sent by a far-right, pro-Trump group called the Proud Boys. Iran had three goals, Direc­tor of Nation­al Intel­li­gence John Rat­cliffe said: “to intim­i­date vot­ers, incite social unrest and dam­age Pres­i­dent Trump.”A cho­rus of Democ­rats, though, have pushed back on that last claim, not­ing that the threat­en­ing emails were sent to reg­is­tered Democ­rats in swing states and instruct­ed them to vote for Trump “or we will come after you.”Given the emails’ tar­gets and the demand to vote for Trump, Demo­c­ra­t­ic lead­ers ques­tioned why Rat­cliffe char­ac­ter­ized the inter­fer­ence as an attack on the president’s reelec­tion cam­paign rather than an attempt to inspire con­fu­sion and dis­trust of the entire 2020 elec­tion. U. S. gov­ern­ment con­cludes Iran was behind threat­en­ing emails sent to Democ­rats“ These elec­tion inter­fer­ence oper­a­tions are clear­ly not meant to harm Pres­i­dent Trump,” the House Home­land Secu­ri­ty Com­mit­tee, which is chaired by Rep. Ben­nie G. Thomp­son (D‑Miss.), tweet­ed late Wednes­day. “Rat­cliffe has TOO OFTEN politi­cized the Intel­li­gence Com­mu­ni­ty to car­ry water for the President.”

Read the rest here.

The GIOR has pre­vi­ous­ly report­ed the fol­low­ing infor­ma­tion about a hack­er group iden­ti­fied as “Phos­pho­rus”:

• Accord­ing to a cyber­se­cu­ri­ty web­site, Phos­pho­rus is also named APT 35, Charm­ing Kit­ten, and Ajax Secu­ri­ty Team. It report­ed­ly works for Iran­ian Intel­li­gence and has a his­to­ry of infil­trat­ing adver­saries’ gov­ern­ment net­works in the past.

• The Brook­ings Insti­tute, a U.S. think-tank, noted that Phos­pho­rous had been asso­ci­at­ed with phish­ing attacks. The email appears to come from an antivirus email but is actu­al­ly laced with malware.

• In 2019 Reuters not­ed that over 30 days in August and Sep­tem­ber, Phos­pho­rous made more than 2,700 attempts to iden­ti­fy con­sumer accounts, then attacked 241 of them. 

• An analy­sis by the Unit­ed States Insti­tute of Peace (USIP) said Phos­pho­rous was behind an Octo­ber 2019 failed attempt to breach accounts con­nect­ed with Pres­i­dent Trump’s re-elec­tion cam­paign as well as the accounts of jour­nal­ists and U.S. officials.

It is not known, how­ev­er, if Phos­pho­rus is behind the lat­est fake emails. The same USIP report also named Phos­pho­rous as among five known Iran­ian hack­er groups that included:

• Izz ad-Din al-Qas­sam Cyber Fight­ers – This group claimed respon­si­bil­i­ty for the DDoS cyber­at­tacks against U.S. finan­cial insti­tu­tions in Sep­tem­ber 2012. The same month, Sen. Joe Lieber­man claimed that the group was con­nect­ed to the IRGC’s elite Qods Force.

• APT33 (aka Elfin, Refined Kit­ten, Holmi­um) – This group car­ried out cyber espi­onage oper­a­tions against avi­a­tion, mil­i­tary, and ener­gy tar­gets in the Unit­ed States, Sau­di Ara­bia, and South Korea. Cyber­se­cu­ri­ty firm Fire­Eye linked APT33 to the Iran­ian government.

• Oil­Rig – This group focused on pri­vate indus­try tar­gets out­side of Iran, most famous­ly hack­ing Shel­don Adelson’s Las Vegas Sands Cor­po­ra­tion in Feb­ru­ary 2014. The group was, in turn, hacked by Turla, a Russ­ian FSB-asso­ci­at­ed group. The Rus­sians used the hijacked group to hack tar­gets in the Mid­dle East and the Unit­ed King­dom, accord­ing to U.S. and British offi­cials in Octo­ber 2019.

• Iran­ian Dark Coders Team – This hack­ing col­lec­tive pri­mar­i­ly focused on cyber-van­dal­ism. It defaced Amer­i­can and Israeli web­sites with pro-Hezbol­lah and pro-Iran pro­pa­gan­da in 2012. The group has not been tied to the Iran­ian gov­ern­ment and may con­sist of free­lancers or crim­i­nal ele­ments. 

The GIOR report­ed ear­li­er on FBI indict­ments of sev­en Iran­ian hack­ers charged in con­nec­tion with cyber intru­sions and fraud, van­dal­ism of U.S. web­sites, and intel­lec­tu­al prop­er­ty theft from U.S. aero­space and satel­lite tech­nol­o­gy companies.