The Iranian regime hacking group known as APT42 or Charming Kitten has reportedly compromised the campaign of former U.S. President and current Republican presidential candidate Donald Trump, according to researchers and experts tracking the group.
APT42, which is believed to be associated with an intelligence division within Iran’s military known as the Intelligence Organization of the Islamic Revolutionary Guard Corps (IRGC-IO), is known for its highly targeted and invasive espionage tactics. This includes the deployment of surveillance software on victims’ mobile phones, allowing the hackers to record calls, steal text messages, and remotely activate cameras and microphones.
“What makes (APT42) incredibly dangerous is this idea that they are an organization that has a history of physically targeting people of interest,” said John Hultquist, chief analyst with U.S. cybersecurity firm Mandiant. Past research has found the group surveilling the cell phones of Iranian activists and protesters, some of whom were subsequently imprisoned or threatened.
While the Iranian regime has denied any intent to interfere in the U.S. presidential election, experts believe the IRGC-IO views the incursion into the Trump campaign as an opportunity to gather intelligence that could advance Iran’s interests. Spokespeople for Trump have alleged that the hackers are targeting the former president due to his hawkish policies toward Iran.
The APT42 group has never been formally named in U.S. law enforcement actions, leaving questions about its structure and identity. However, Levi Gundert, chief security officer for U.S. cyber intelligence firm Recorded Future, said the IRGC-IO is “entrusted with collecting intelligence to defend and advance the interests of the Islamic Republic” and is considered one of Iran’s most powerful security and intelligence entities.
In addition to targeting the Trump campaign, APT42 has also been linked to hacking attempts against a U.S.-based media group, Iran International, which British authorities previously said was the target of physical threats by Iranian-linked agents.
The group’s tactics include using mobile malware to gain access to victims’ devices, as well as elaborate email-based social engineering campaigns that aim to trick targets into opening malicious messages and allowing system takeovers.
The emergence of APT42’s activities in the ongoing U.S. presidential race has raised significant concerns about the security of U.S. election systems and the vulnerability of campaign personnel to sophisticated state-sponsored cyberattacks.





