Foreign nation-state actors hacked Donald Trump’s campaign

Donald Trump’s campaign reported that its emails were hacked by “foreign sources hostile to the United States.”

Donald Trump’s presidential campaign announced it was hacked, a spokesman attributes the attack to foreign sources hostile to the United States. The presidential campaign believes that Iran-linked threat actors may be involved in the cyber operation that is aimed at stealing and distributing sensitive documents. At this time, no specific evidence was provided.

The media outlet POLITICO first reported the hack, it became aware of the security breach after receiving emails from an anonymous account with documents from inside Trump’s operation.

The Trump campaign cited an incident that occurred in June where an Iran-linked APT, Mint Sandstorm, sent a spear-phishing email to a high-ranking campaign official from a compromised account.

The campaign cited a Microsoft report published on Friday that linked Iranian hackers to the spear phishing email sent to an official on a presidential campaign.

“Recent activity suggests the Iranian regime — along with the Kremlin — may be equally engaged in election 2024,” states Microsoft’s report.

On July 22, POLITICO began receiving emails from an anonymous source identified only as “Robert,” who used an AOL account. The emails contained alleged internal communications from a senior Trump campaign official, including a research dossier on Trump’s running mate, Ohio Sen. JD Vance, dated February 23. The dossier, a 271-page document, outlined Vance’s public record and criticisms of Trump, labeling some as “POTENTIAL VULNERABILITIES.” The hacker also shared a research document on Florida Sen. Marco Rubio and claimed to have various documents related to Trump’s legal issues and internal campaign discussions. The source advised against probing their methods of obtaining the documents, citing potential legal risks. This incident represents a significant security breach for Trump’s campaign.

“These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process,” Trump campaign spokesperson Steven Cheung said. “On Friday, a new report from Microsoft found that Iranian hackers broke into the account of a ‘high ranking official’ on the U.S. presidential campaign in June 2024, which coincides with the close timing of President Trump’s selection of a vice presidential nominee.”

The National Security Council condemned any attempts to undermine U.S. democratic institutions and emphasized the risks of interference in Presidential elections by foreign actors.

Iran’s mission to the United Nations has denied any accusation.

“We do not accord any credence to such reports,” the mission told The Associated Press. “The Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election.”

In July, U.S. intelligence gathered evidence suggesting Iran was plotting to assassinate Trump in retaliation for the 2020 killing of Iranian military officer Qassem Soleimani.

“The Iranians know that President Trump will stop their reign of terror just like he did in his first four years in the White House,” Cheung added.

The campaign spokesman pointed out that “any media or news outlet reprinting documents or internal communications are doing the bidding of America’s enemies and doing exactly what they want.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)