US media is reporting that national security officials have accused Iran of trying to interfere with the upcoming US elections by sending voters fake emails intended to look like they had been sent by the Proud Boys, a far-right, pro-Trump group. According to a Washington Post report, Democratic leaders objected to the assertion by the Director of National Intelligence that the emails were designed to hurt President Trump:
Oct. 22, 2020
At a hastily assembled news conference on Wednesday, national security officials accused Iran of attempting to interfere in the U.S. election by sending voters fake emails made to look like they had been sent by a far-right, pro-Trump group called the Proud Boys. Iran had three goals, Director of National Intelligence John Ratcliffe said: “to intimidate voters, incite social unrest and damage President Trump.”
A chorus of Democrats, though, have pushed back on that last claim, noting that the threatening emails were sent to registered Democrats in swing states and instructed them to vote for Trump “or we will come after you.”
Given the emails’ targets and the demand to vote for Trump, Democratic leaders questioned why Ratcliffe characterized the interference as an attack on the president’s reelection campaign rather than an attempt to inspire confusion and distrust of the entire 2020 election.
“These election interference operations are clearly not meant to harm President Trump,” the House Homeland Security Committee, which is chaired by Rep. Bennie G. Thompson (D‑Miss.), tweeted late Wednesday. “Ratcliffe has TOO OFTEN politicized the Intelligence Community to carry water for the President.”
The GIOR has previously reported the following information about a hacker group identified as “Phosphorus”:
- According to a cybersecurity website, Phosphorus is also named APT 35, Charming Kitten, and Ajax Security Team. It reportedly works for Iranian Intelligence and has a history of infiltrating adversaries’ government networks.
- The Brookings Institute, a U.S. think tank, noted that Phosphorus had been associated with phishing attacks. The email appears to come from an antivirus email but is actually laced with malware.
- In 2019 Reuters noted that over 30 days in August and September, Phosphorus made more than 2,700 attempts to identify consumer accounts, then attacked 241 of them.
- An analysis by the United States Institute of Peace (USIP) said Phosphorus was behind an October 2019 failed attempt to breach accounts connected with President Trump’s re-election campaign as well as the accounts of journalists and U.S. officials.
It is not known, however, if Phosphorus is behind the latest fake emails. The same USIP report also named Phosphorus among five known Iranian hacker groups, which also included:
- Izz ad-Din al-Qassam Cyber Fighters – This group claimed responsibility for the DDoS cyberattacks against U.S. financial institutions in September 2012. The same month, Sen. Joe Lieberman claimed that the group was connected to the IRGC’s elite Qods Force.
- APT33 (aka Elfin, Refined Kitten, Holmium) – This group carried out cyber espionage operations against aviation, military, and energy targets in the United States, Saudi Arabia, and South Korea. Cybersecurity firm FireEye linked APT33 to the Iranian government.
- OilRig – This group focused on private industry targets outside of Iran, most famously hacking Sheldon Adelson’s Las Vegas Sands Corporation in February 2014. The group was, in turn, hacked by Turla, a Russian FSB-associated group. The Russians used the hijacked group to hack targets in the Middle East and the United Kingdom, according to U.S. and British officials in October 2019.
- Iranian Dark Coders Team – This hacking collective primarily focused on cyber-vandalism. It defaced American and Israeli websites with pro-Hezbollah and pro-Iran propaganda in 2012. The group has not been tied to the Iranian government and may consist of freelancers or criminal elements.
The GIOR reported earlier on FBI indictments of seven Iranian hackers charged in connection with cyber intrusions and fraud, vandalism of U.S. websites, and intellectual property theft from U.S. aerospace and satellite technology companies.