WASHINGTON — Chinese hackers are targeting the personal email accounts of campaign staff members working for former Vice President Joseph R. Biden Jr., Google said on Thursday, while confirming previous reports that Iran has targeted President Trump’s campaign.
In disclosing the attempts, Google’s chief of threat analysis, Shane Huntley, who oversees the tracking of state-sponsored, sophisticated hacking, said there was no evidence yet that the Chinese hackers had pierced Mr. Biden’s campaign. The attacks appear to be conventional spear-phishing attacks, similar to the Russian breach of John D. Podesta’s personal emails in 2016, when he was Hillary Clinton’s campaign chairman.
But Google’s announcement on Thursday underscored the fact that during the 2020 election, Russian hackers, who combined hacking and disinformation in the last presidential election cycle, will not be alone. Even before Google’s announcement — posted on Twitter — security experts warned that Russian hackers would be joined by those from other American adversaries.
Mr. Biden’s campaign said in a statement that “we are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff.”
It added: “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them. Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign’s assets are secured.”
The motivations for such attempts could be many. China already has major espionage assets aimed at the Trump administration and other parts of the United States government, so going after the president’s campaign infrastructure may be redundant — and less interesting than anything that can be elicited from the Defense Department, the State Department or American intelligence agencies.
But Mr. Biden’s views on China, which have evolved as tensions with Beijing have risen, are more of a mystery to Chinese intelligence.
And if Mr. Biden wins, any success at piercing the emails of his top aides could be useful, especially during a transition of power. Google, Microsoft and other companies have offered campaigns help in securing both their official and private accounts, and in enrolling staff members in security programs that are often used by journalists, aid workers or government officials.
Google has alerted Gmail users to state-sponsored email threats with automated warnings in recent years, but in this case Google employees personally briefed Mr. Biden’s campaign on what they called a “high priority” threat in virtual meetings on Thursday, according to two people familiar with the discussions who were not authorized to discuss them publicly.
The Chinese interest in campaigns is hardly new. In 2008, Justice Department and F.B.I. officials approached Barack Obama’s campaign — at a time when Mr. Biden was chairman of the Senate Foreign Relations Committee and running for vice president — and told the campaign it had been penetrated by Chinese hackers. The same hacking groups went after Senator John McCain, the Republican nominee.
But this time far more is at stake. The relationship between Beijing and Washington has never been more tense since relations between the two countries opened nearly five decades ago. And Mr. Trump and Mr. Biden are in a match to declare which one will be tougher on Beijing over its failures to report quickly about the coronavirus, its new security laws in Hong Kong, its declaration of exclusive territory in the South China Sea, and its efforts to spread its 5G communications networks around the world.
The announcement about Iran’s attempts to get into accounts surrounding the Trump campaign was not new. In October, Microsoft disclosed that Iranian hackers, with apparent backing from that country’s government, made more than 2,700 attempts to identify the email accounts of current and former United States government officials, journalists covering political campaigns, and accounts associated with a presidential campaign. While Microsoft didn’t name the campaign, those involved in the investigation said it was Mr. Trump’s re-election effort. The attacks Google described on Thursday appeared to be along similar lines as to what Microsoft detailed.
Russian hackers are also active this election season. In January, the same Russian hacking group that stole Mr. Podesta’s emails in 2016 began a phishing campaign against Burisma, the Ukrainian company that formerly employed Mr. Biden’s son and was crucial to Mr. Trump’s impeachment.
It is not clear what the Russian hackers were after, but cybersecurity experts surmised at the time that the hackers were looking for “kompromat” — compromising material on the Bidens — or hoping to support Mr. Trump’s claim that Burisma was corrupt and that Ukrainian investigations into the company were warranted.
In February, American intelligence officials warned that Russia was once again actively meddling, though it was unclear whether the goal was simply disruption or support for Mr. Trump. This week he invited President Vladimir V. Putin of Russia to join a Group of 7 meeting scheduled for Washington in the fall, angering European allies and Canada given that Russia was thrown out of the group after it annexed Crimea in 2014.
Mr. Biden has been far more critical of Mr. Putin and indicated he would not let up on sanctions against Russia, unlike Mr. Trump.
And last month, the National Security Agency warned that Russian military hackers had seized on vulnerabilities in an email transfer program — used by several congressional candidates, among others — in yet another attempt to steal emails.
Among those who would have been vulnerable to the Russian attacks were the campaign offices of more than 44 American congressmen, including Representative Paul Tonko, Democrat of New York, and three members of the House Armed Services Committee: Jim Banks, Republican of Indiana, Mo Brooks, Republican of Alabama, and Tom Suozzi, Democrat of New York. But there is no evidence their emails were stolen, according to a report by Area 1, a Silicon Valley cybersecurity firm.
David Sanger reported from Washington, and Nicole Perlroth from Palo Alto, Calif.
www.nytimes.com 2020-06-05 00:07:34