State-sponsored hackers are actively targeting the U.S. presidential campaigns of both Joe Biden and Donald Trump, according to a senior Google security researcher.

The claim come from Shane Huntley, the head of the Google Threat Analysis Group. He wrote on Twitter that the Google team had seen a Chinese advanced persistent threat group targeting Biden campaign staff as well as an Iranian APT group target Trump campaign staff with phishing.

No sign of compromise was detected. Google warned campaign staff that they are being targeted. It also referred information about the attempted phishing attacks to law enforcement.

That Iranian hackers are targeting the Trump campaign comes as no surprise. In October, security researchers at Microsoft Corp. detailed what the dubbed the “Phosphorous campaign.” Iranian hackers targeted 241 accounts tied to the Trump campaign as well as current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.

Huntley provided further details on Twitter, saying that the groups involved in the phishing campaigns were identified as APT31 and APT35.

APT31, sometimes known as Zirconium is linked to the Chinese government and typically specializes in intellectual property theft. APT35, also known as the Newscaster team, is sponsored by the Iranian government and typically targets U.S. and the Middle Eastern military, diplomatic and government personnel, organizations in the media, energy and defense industrial bases as well as the engineering, business services and telecommunications sectors.

In a statement to Reuters, a spokesperson for the Biden campaign said that “we are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff.” The spokesperson added that “we have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them.”

The Trump campaign spokesperson said that they had been briefed that “foreign actors unsuccessfully attempted to breach the technology of our staff” but provided no further comment.

Discussing the intent of the attacks, Charles Ragland, security engineer at digital risk protection software provider Digital Shadows Ltd., told SiliconANGLE that these groups may be looking to use information that they obtain to sow discord. “They may also use it for more traditional intelligence collection to inform other actions,” he said. “As more and more communication is done online, this trend is likely to continue.”

Photo: Andrea Widburg/Flickr