Iranian-linked election interference operation shows signs of recent access | CyberScoop<\/title> <meta name=\"description\" content=\"People associated with the operation shared with a journalist a document dated Sept. 15, according to new reporting.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/trump-campaign-hack-new-material-ongoing-access\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Iranian-linked election interference operation shows signs of recent access\"> <meta property=\"og:description\" content=\"People associated with the operation shared with a journalist a document dated Sept. 15, according to new reporting.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/trump-campaign-hack-new-material-ongoing-access\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-09-24T19:42:56+00:00\"> <meta property=\"article:modified_time\" content=\"2024-09-24T19:42:57+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1335\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1725466133g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1724269863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81901\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81901\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftrump-campaign-hack-new-material-ongoing-access%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftrump-campaign-hack-new-material-ongoing-access%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81901 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/trump-campaign-hack-new-material-ongoing-access\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards! <\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.429530201342\">\n<div class=\"single-article__header-content\" readability=\"30.347107438017\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/election-security\/\"> <span>Election Security<\/span> <\/a> <\/li>\n<\/ul>\n<p> People associated with the operation shared with a journalist a document dated Sept. 15, according to new reporting. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"445\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access.jpg?resize=640%2C445&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=300,209 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=768,534 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=1024,712 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=1536,1068 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=600,417 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=242,168 242w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=485,337 485w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=971,675 971w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-2.jpg?resize=1212,843 1212w\" sizes=\"(max-width: 971px) 100vw, 971px\"><figcaption> Republican presidential nominee, former U.S. President Donald Trump, speaks during a campaign stop at the Smith Family Farm September 23, 2024 in Smithton, Pennsylvania.(Photo by Win McNamee\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"39.774443141852\"><body readability=\"79.958549222798\"><\/p>\n<p>The people behind the alleged Iranian hacking effort targeting former President Donald Trump\u2019s campaign continue to share material with journalists, including a letter dated Sept. 15, suggesting recent access to campaign materials or that the election interference operation is ongoing.<\/p>\n<p>Judd Legum, the publisher of the Popular Information newsletter, <a href=\"https:\/\/popular.info\/p\/trump-campaign-hack\">reported Tuesday<\/a> that the persona that had been reaching out to multiple journalists with material apparently stolen from the campaign or its associates contacted him Sept. 18 with offers to share Trump-related material.<\/p>\n<p>Along with background research on Sen. JD Vance, the Republican vice presidential nominee, and others, \u201cRobert\u201d shared a four-page letter dated Sept. 15 from an attorney representing Trump to several people at the New York Times, Legum reported. Legum shared the letter with <a href=\"https:\/\/www.semafor.com\/article\/09\/23\/2024\/trump-hack-continued-into-last-week\">Semafor, which reported separately Tuesday<\/a> that it had verified the letter with that date as having been sent to the Times.<\/p>\n<p>A New York Times spokesperson confirmed the newspaper did receive a letter dated Sept. 15 from an unnamed law firm, but declined to share any additional details.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Trump campaign spokesperson Steven Cheung did not respond to questions about the purported Sept. 15 letter or whether the campaign believes the Iranian operation maintains access to email accounts belonging to campaign staff or associated parties.<\/p>\n<p>The U.S. government attributed the \u201cRobert\u201d-related activity to the Iranian government, assessing that the country wants to \u201cstoke discord and undermine confidence\u201d in U.S. elections. The Office of the Director of National Intelligence has issued a <a href=\"https:\/\/www.dni.gov\/index.php\/newsroom\/press-releases\/press-releases-2024\/3981-joint-odni-fbi-and-cisa-statement-on-iranian-election-influence-efforts\">pair<\/a> of <a href=\"https:\/\/www.dni.gov\/index.php\/newsroom\/press-releases\/press-releases-2024\/3994-odni-pr-22\">statements<\/a> on the ordeal, saying the Iranians \u201csought access to individuals with direct access\u201d to presidential campaigns of both political parties, and further investigation <a href=\"https:\/\/cyberscoop.com\/krebs-iranian-outreach-to-biden-campaign-was-late-breaking-news-to-u-s-gov\/\">revealed the Iranians sought<\/a> to send Trump-related material to people connected to President Joe Biden\u2019s now-dormant campaign.<\/p>\n<p>A spokesperson for the Permanent Mission of the Islamic Republic of Iran to the United Nations has repeatedly denied the accusations in statements to CyberScoop.<\/p>\n<p>The Microsoft Threat Analysis Center <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2024\/08\/08\/iran-targeting-2024-us-election\/\">reported Aug. 8<\/a> that a group connected to the Islamic Revolutionary Guard Corps (IRGC) used the compromised account of a former senior adviser to a presidential campaign to hack a high-ranking official on the unnamed campaign. The Trump campaign <a href=\"https:\/\/www.politico.com\/news\/2024\/08\/10\/trump-campaign-hack-00173503\">confirmed two days later<\/a> it had been targeted in the operation.<\/p>\n<p><a href=\"https:\/\/www.cnn.com\/2024\/08\/12\/politics\/trump-campaign-hack-personal-email-account-fbi\/index.html\">CNN later reported<\/a> that the email account for Trump adviser Roger Stone was compromised. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Google\u2019s Threat Analysis Group <a href=\"https:\/\/blog.google\/threat-analysis-group\/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us\/\">reported Aug. 14<\/a> that the activity was the work of a group it tracks as APT42, which it says is associated with the IRGC. The Iranian-linked group \u201cconsistently targets high-profile users in Israel and the U.S., including current and former government officials, political campaigns, diplomats, individuals who work at think tanks, as well as NGOs and academic institutions that contribute to foreign policy conversations,\u201d according to Google.<\/p>\n<p>The activity targeted people associated with both campaigns, according to Google, <a href=\"https:\/\/blog.google\/threat-analysis-group\/how-were-tackling-evolving-online-threats\/\">just as it had in 2020<\/a>. Attempts were made to access the personal email accounts of roughly \u201ca dozen\u201d people affiliated with Biden and Trump, including current and former U.S. government and campaign officials, Google said. <\/p>\n<p>\u201cWe blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals,\u201d the company added, but the hackers were able to access the personal Gmail account of at least one \u201chigh-profile political consultant.\u201d<\/p>\n<p>Google \u201cquickly\u201d secured the account and referred the activity to law enforcement in early July, the company said. \u201cToday, TAG continues to observe unsuccessful attempts from APT42 to compromise the personal accounts of individuals affiliated with President Biden, Vice President Harris and former President Trump, including current and former government officials and individuals associated with the campaigns.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2796208530806\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/iranian-linked-election-interference-operation-shows-signs-of-recent-access-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/trump-campaign-hack-new-material-ongoing-access\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iranian-linked election interference operation shows signs of recent access |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1412,292,513,288,2753],"tags":[1418,298,517,294,2754],"class_list":["post-5449","post","type-post","status-publish","format-standard","hentry","category-election-2024","category-election-security","category-iran","category-threats","category-trump-campaign","tag-election-2024","tag-election-security","tag-iran","tag-threats","tag-trump-campaign"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/election-2024\/\" rel=\"category tag\">Election 2024<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/election-security\/\" rel=\"category tag\">election security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trump-campaign\/\" rel=\"category tag\">Trump campaign<\/a>","tag_info":"Trump campaign","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5449"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5449\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":5449,"date":"2024-09-24T14:42:56","date_gmt":"2024-09-24T19:42:56","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81901"},"modified":"2024-09-24T14:42:56","modified_gmt":"2024-09-24T19:42:56","slug":"iranian-linked-election-interference-operation-shows-signs-of-recent-access","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/24\/iranian-linked-election-interference-operation-shows-signs-of-recent-access\/","title":{"rendered":"Iranian-linked election interference operation shows signs of recent access"},"content":{"rendered":"