For the third presidential election in a row, the foreign hacking of the campaigns has begun in earnest. But this time, it’s the Iranians, not the Russians, making the first significant move.
On Friday, Microsoft released a report declaring that a hacking group run by the intelligence unit of Iran’s Islamic Revolutionary Guard Corps had successfully breached the account of a “former senior adviser” to a presidential campaign. From that account, Microsoft said, the group sent fake email messages, known as “spear phishing,” to “a high-ranking official of a presidential campaign” in an effort to break into the campaign’s own accounts and databases.
By Saturday night, former President Donald J. Trump was declaring that Microsoft had informed his campaign “that one of our many websites was hacked by the Iranian Government — Never a nice thing to do!” but that the hackers had obtained only “publicly available information.” He attributed it all to what he called, in his signature selective capitalization, a “Weak and Ineffective” Biden administration.
The facts were murkier, and it is unclear what, if anything, the Iranian group, which Microsoft called Mint Sandstorm, was able to achieve.
Mr. Trump’s campaign was already blaming “foreign sources hostile to the United States” for a leak of internal documents that Politico reported on Saturday that it had received, though it is unclear whether those documents indeed emerged from the Iranian efforts or were part of an unrelated leak from inside the campaign.
The New York Times received what appears to be a similar if not identical trove of data from an anonymous tipster purporting to be the same person who emailed the documents to Politico.
Either way, the events of the past few days may well portend a more intense period of foreign interference in a race whose sudden turns, and changes of candidates, could have thrown the hackers off their plans.
Russia has so far played a relatively minor role, investigators and cybersecurity experts say, focusing instead on seeking to undermine both the Olympics, from which it was barred from fielding its own team, and support for Ukraine. And while American intelligence officials say they have little doubt that Russia wants to see Mr. Trump return to office, Chinese hackers, they say, seem uncertain how to play the election; they have reason to dislike both Mr. Trump and Vice President Kamala Harris.
There is little doubt, investigators say, that the Iranians want to see Mr. Trump defeated. As president, he withdrew from the 2015 nuclear deal, reimposed economic sanctions on Iran and then, in January 2020, ordered the killing in Iraq of Maj. Gen. Qassim Suleimani, the commander of the Quds Force, a clandestine wing of the Revolutionary Guards responsible for foreign operations.
Four years later, the Revolutionary Guard Corps appears still determined to avenge Suleimani’s death, and just last week the Justice Department announced it had charged a Pakistani man who had recently visited Iran, accusing him of trying to hire a hit man to assassinate political figures in the U.S., most likely including Mr. Trump. (There is no evidence that Iran was involved in the July 13 attempt on Mr. Trump’s life in Butler, Pa.)
Mr. Trump often casts his actions against Iran as evidence of his strength, despite the fact that his exit from the Iran deal gave Tehran an opening to rebuild a nuclear program that had been hobbled by the 2015 agreement. Still, the combination of the hack and the hit men looking for Mr. Trump and his former aides gave the former president an obvious foil, and he was using it over the weekend to make the case that the Iranians would prefer a continuation of the Biden-Harris administration.
Microsoft stopped short of saying that the hacking effort it detected was focused on Mr. Trump’s campaign, though the campaign itself said that was the case. In an interview, Tom Burt, the head of the company’s customer security and trust team, said that in June, “the Iranian team associated with Iranian intelligence” operations of the Revolutionary Guards successfully breached the email account of a former campaign adviser, whom the company did not name. From that account, he said, the Iranians sent a spear phishing email to an official of a presidential campaign.
While it would have appeared to the recipient to have come from the former campaign adviser, Mr. Burt refused to say whether the targeted campaign was also Mr. Trump’s. By long-established practice, Microsoft says, it can reveal such details only with the permission of the victim of an attack.
In many ways, the effort was similar in technique to what Iran attempted when it sought to interfere in the 2020 presidential campaign. This time, however, the Iranian effort looks to have been more sophisticated — namely, through the hacking of a trusted intermediary — suggesting the hackers learned something from what the Russians accomplished in past campaigns, notably in 2016.
But Mr. Burt said the company could not determine if the effort was successful in penetrating the campaign it targeted. And Microsoft has no way of determining whether the internal documents from the Trump campaign now being sent to news organizations were linked in any way to the Iranian effort.
The documents sent to Politico, as it described them, and to The Times included research about and assessments of potential vice-presidential nominees, including Senator JD Vance, whom Mr. Trump ultimately selected. Like many such vetting documents, they contained past statements with the potential to be embarrassing or damaging, such as Mr. Vance’s remarks casting aspersions on Mr. Trump.
In a statement on Saturday, Steven Cheung, a spokesman for the Trump campaign, preemptively chastised outlets that reported on any information that was improperly obtained.
“Any media or news outlet reprinting documents or internal communications are doing the bidding of America’s enemies and doing exactly what they want,” he wrote.
The 2016 election that Mr. Trump won was marked by similar “hack and leak” efforts after Russian hackers broke into the email accounts of top Democratic officials. Leaked emails showed the internal workings of the party and of Hillary Clinton’s campaign, and also revealed criticisms of Mrs. Clinton by aides, and a trove of them was published by WikiLeaks in the final weeks of the presidential race.
Seeking an edge then, Mr. Trump’s campaign seized on the emails — many of them from Mrs. Clinton’s campaign chair, John Podesta. “We love Wikileaks,” Mr. Trump declared at the time.