{"id":36147,"date":"2020-07-17T19:21:44","date_gmt":"2020-07-17T19:21:44","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31405\/Iran-State-Hackers-Caught-Targeting-Presidential-Campaigns.html"},"modified":"2020-07-17T19:21:44","modified_gmt":"2020-07-17T19:21:44","slug":"iran-state-hackers-caught-targeting-presidential-campaigns","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/","title":{"rendered":"Iran State Hackers Caught Targeting Presidential Campaigns"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/iranian-flag-800x457.png\" alt=\"The flag of the Islamic Republic of Iran.\"><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/iranian-flag.png\" class=\"enlarge-link\" data-height=\"731\" data-width=\"1280\">Enlarge<\/a> <span class=\"sep\">\/<\/span> The flag of the Islamic Republic of Iran.<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"58 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2020\/07\/iran-state-hackers-caught-with-their-pants-down-in-intercepted-videos\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">104<\/span> <span class=\"visually-hidden\"> with 58 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 4188:single\/related:6842233ee50fcc6ced95678a1831e427 --><!-- empty --><\/p>\n<p>Iranian state hackers got caught with their pants down recently when researchers uncovered more than 40GB of data, including training videos showing how operatives hack adversaries\u2019 online accounts and then cover their tracks.<\/p>\n<p>The operatives belonged to ITG18, a hacking group that overlaps with another outfit alternatively known as Charming Kitten and Phosphorous, which researchers believe also works on behalf of the Iranian government. The affiliation has long targeted <a href=\"https:\/\/arstechnica.com\/tech-policy\/2020\/06\/iran-and-china-backed-phishers-try-to-hook-the-trump-and-biden-campaigns\/\">US presidential campaigns<\/a> and US government officials. In recent weeks, ITG18 has also targeted pharmaceutical companies. Researchers generally consider it a determined and persistent group that invests heavily in new tools and infrastructure.<\/p>\n<p>In May, IBM\u2019s X-Force IRIS security team obtained the 40GB cache of data as it was being uploaded to a server that hosted multiple domains known to be used earlier this year by ITG18. The most telling contents were training videos that captured the group\u2019s tactics, techniques, and procedures as group members performed real hacks on email and social media accounts belonging to adversaries.<\/p>\n<p>Included in the footage was:<\/p>\n<ul>\n<li>Almost five hours of video showing operators searching through and exfiltrating data from multiple compromised accounts belonging to two people, one a member of the US Navy and the other a seasoned personnel officer in the Hellenic Navy.<\/li>\n<li>Failed phishing attempts that targeted US State Department officials and an Iranian American philanthropist. The failures were the result of emails bouncing because they appeared suspicious.<\/li>\n<li>Online personas and Iranian phone numbers used by group members.<\/li>\n<\/ul>\n<p>The haul of data is a potential intelligence coup because it allows researchers (and presumably US officials) to identify the strengths and weaknesses of an adversary that is steadily improving its hacking talent. Defenders can then improve protections designed to keep the attackers out. The bird\u2019s-eye view may also have signaled plans for future ITG18 operations.<\/p>\n<h2>A rare opportunity<\/h2>\n<p>\u201cRarely are there opportunities to understand how the operator behaves behind the keyboard, and even rarer still are there recordings the operator self-produced showing their operations,\u201d IBM researchers Allison Wikoff and Richard Emerson wrote in a <a href=\"https:\/\/securityintelligence.com\/posts\/new-research-exposes-iranian-threat-group-operations\/\">post<\/a> published Thursday. \u201cBut that is exactly what X-Force IRIS uncovered on an ITG18 operator whose OPSEC failures provide a unique behind-the-scenes look into their methods, and potentially, their legwork for a broader operation that is likely underway.\u201d<\/p>\n<p>The videos were shot using a desktop recording tool called Bandicam and ranged from two minutes to two hours. Timestamps indicated the videos were recorded a day or so before they were uploaded. Five of the videos showed operators pasting passwords into compromised accounts and then demonstrating how to efficiently exfiltrate contacts, photos, and other data stored there and in associated cloud storage.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/itg18-bandicam.png\" class=\"enlarge\" data-height=\"771\" data-width=\"1160\" alt=\"An ITG18 operator desktop from a Bandicam recording.\"><img loading=\"lazy\" decoding=\"async\" alt=\"An ITG18 operator desktop from a Bandicam recording.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/itg18-bandicam-640x425.png\" width=\"640\" height=\"425\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/itg18-bandicam.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/itg18-bandicam.png\" class=\"enlarge-link\" data-height=\"771\" data-width=\"1160\">Enlarge<\/a> <span class=\"sep\">\/<\/span> An ITG18 operator desktop from a Bandicam recording.<\/div>\n<div class=\"caption-credit\">IBM X-Force IRIS<\/div>\n<\/figcaption><\/figure>\n<p>The footage also showed the settings that group members changed in the security configurations of each compromised account. The changes allowed the hackers to connect some of the accounts to Zimbra, an email collaboration program that can aggregate multiple accounts into a single interface. Using Zimbra made it possible to manage hacked email accounts simultaneously.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/itg18-zimbra.jpg\" class=\"enlarge\" data-height=\"1080\" data-width=\"1920\" alt=\"An image capture of an ITG18 operator syncing a persona account to Zimbra.\"><img loading=\"lazy\" decoding=\"async\" alt=\"An image capture of an ITG18 operator syncing a persona account to Zimbra.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/itg18-zimbra-640x360.jpg\" width=\"640\" height=\"360\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/itg18-zimbra-1280x720.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/07\/itg18-zimbra.jpg\" class=\"enlarge-link\" data-height=\"1080\" data-width=\"1920\">Enlarge<\/a> <span class=\"sep\">\/<\/span> An image capture of an ITG18 operator syncing a persona account to Zimbra.<\/div>\n<div class=\"caption-credit\">BM X-Force IRIS<\/div>\n<\/figcaption><\/figure>\n<p>Three other videos revealed that the operators had compromised several accounts associated with an enlisted member of the US Navy and an officer in the Hellenic Navy. ITG18 members had credentials for what appear to be their personal email and social media accounts. In many cases, the hackers deleted emails notifying the targets that there had been suspicious logins to their accounts.<\/p>\n<h2>Painstaking detail<\/h2>\n<p>The attackers also accessed files showing the military units the Navy personnel were in, their naval base, residence, personal photos and videos, and tax records. The operators methodically combed through targets\u2019 other accounts, including those on video-streaming sites, pizza-delivery services, credit-reporting agencies, mobile carriers, and more.<\/p>\n<p>\u201cThe operators appear to have been meticulously gathering trivial social information about the individuals,\u201d the IBM researchers wrote. \u201cIn total, the operator attempted to validate credentials for at least 75 different websites across the two individuals.<\/p>\n<p>Other videos displayed the Iran-based phone number and other profile details for a fake persona ITG18 members used in their operations. The video also revealed attempts to send phishing emails to the Iranian American philanthropist and two possible State Department officials.<\/p>\n<p>Another potentially useful discovery: when operators used a password to successfully gain initial access to an account that was protected by multifactor authentication, they would proceed no further. That suggests that Charming Kitten\u2019s previously revealed ability to <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/12\/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail\/\">bypass multifactor authentication<\/a> is limited.<\/p>\n<p>The behind-the-scenes account IBM obtained demonstrates the double-edged sword that\u2019s wielded by espionage hackers. While their operations often yield useful information on their targets, the targets can also turn that around in <a href=\"https:\/\/en.wikipedia.org\/wiki\/Spy_vs._Spy\"><em>Spy vs. Spy<\/em> fashion<\/a>.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31405\/Iran-State-Hackers-Caught-Targeting-Presidential-Campaigns.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":36148,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8804],"class_list":["post-36147","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinegovernmentusafraudcyberwarphishiran"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Iran State Hackers Caught Targeting Presidential Campaigns 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Iran State Hackers Caught Targeting Presidential Campaigns 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-17T19:21:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/iran-state-hackers-caught-targeting-presidential-campaigns.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"457\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Iran State Hackers Caught Targeting Presidential Campaigns\",\"datePublished\":\"2020-07-17T19:21:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/\"},\"wordCount\":821,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/iran-state-hackers-caught-targeting-presidential-campaigns.png\",\"keywords\":[\"headline,government,usa,fraud,cyberwar,phish,iran\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/\",\"name\":\"Iran State Hackers Caught Targeting Presidential Campaigns 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/iran-state-hackers-caught-targeting-presidential-campaigns.png\",\"datePublished\":\"2020-07-17T19:21:44+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/iran-state-hackers-caught-targeting-presidential-campaigns.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/iran-state-hackers-caught-targeting-presidential-campaigns.png\",\"width\":800,\"height\":457},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-state-hackers-caught-targeting-presidential-campaigns\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,government,usa,fraud,cyberwar,phish,iran\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinegovernmentusafraudcyberwarphishiran\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Iran State Hackers Caught Targeting Presidential Campaigns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Iran State Hackers Caught Targeting Presidential Campaigns 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/","og_locale":"en_US","og_type":"article","og_title":"Iran State Hackers Caught Targeting Presidential Campaigns 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-07-17T19:21:44+00:00","og_image":[{"width":800,"height":457,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/iran-state-hackers-caught-targeting-presidential-campaigns.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Iran State Hackers Caught Targeting Presidential Campaigns","datePublished":"2020-07-17T19:21:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/"},"wordCount":821,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/iran-state-hackers-caught-targeting-presidential-campaigns.png","keywords":["headline,government,usa,fraud,cyberwar,phish,iran"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/","url":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/","name":"Iran State Hackers Caught Targeting Presidential Campaigns 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/iran-state-hackers-caught-targeting-presidential-campaigns.png","datePublished":"2020-07-17T19:21:44+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/iran-state-hackers-caught-targeting-presidential-campaigns.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/iran-state-hackers-caught-targeting-presidential-campaigns.png","width":800,"height":457},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/iran-state-hackers-caught-targeting-presidential-campaigns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,government,usa,fraud,cyberwar,phish,iran","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinegovernmentusafraudcyberwarphishiran\/"},{"@type":"ListItem","position":3,"name":"Iran State Hackers Caught Targeting Presidential Campaigns"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36147"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36147\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/36148"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}