Google may or may not be spying on its users, but it certainly knows what’s going on elsewhere around the world wide web. In an announcement yesterday, the company’s security division revealed the existence of a vast Iranian government spying campaign that’s been keeping a close eye on thousands of its citizens in the run up to its presidential elections.

Google’s Eric Grosse, VP of Security, said in a blog post that Iran’s surveillance efforts were being facilitated by a vast “phishing” program that had targeted thousands of Gmail users in the country in recent weeks:

“These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggests that the attacks are politically motivated in connection with the Iranian presidential election on Friday.”

Unlike the NSA’s PRISM, Iran’s intelligence operatives seem to be resorting to somewhat cruder digital surveillance tactics. They’re believed to be responsible for a spate of phishing attacks, which involves sending people a malicious link embedded in an otherwise official-looking email. The emails purportedly come from Google itself and redirect users to a fake Google log-in page that steals their passwords.

Unfortunately, reports of digital spying are becoming all too common these days, to say nothing of the US government’s own monitoring programs. Just last month, the Citizen Lab at the University of Toronto uncovered evidence that suggested the Malaysian government was using a sophisticated spying tool called FinSpy to snoop on its political opponents. FinSpy is the same tool used by the government of Bahrain to crack down on dissidents there.

Google didn’t reveal how it came to know about Iran’s current spying campaign, but it did say that the attackers appeared to be the same people responsible for a 2011 cyberattack on Dutch firm DigiNotar, which used to sell web security certificates. At that time, security researchers said that the company was most likely to have been attacked by Iranian hackers, or at least, actors working on its behalf. By saying that Iran’s current campaign is linked to the DigiNotar hack, Google is basically holding Iran responsible.

If nothing else, we can take this as yet more evidence of Iran’s growing cyberattack capabilities. While China tends to concentrate on stealing trade secrets and military knowledge, Iran’s efforts appear to be much more sinister. For the last six months at least, the Islamic Republic has frequently been targeting US banks with DDoS attacks to take them offline, while more recently it’s made efforts to infiltrate US industrial systems too. These developments have led to speculation that Iran could well be laying the groundwork for a cyberstrike on American infrastructure in the event that the US ever authorizes military action against it.