Two years before Iranian hackers breached Donald Trump’s campaign in the summer of 2024, they targeted a former U.S. official who had been a close confidant of John Bolton, Trump’s national security adviser and a prominent critic of Iran. In June 2022, these hackers used a sophisticated phishing scheme to compromise the email account of the former official. They sent an email that appeared innocuous, asking recipients—who were experts on Iranian and North Korean nuclear programs—to review a manuscript on these topics. The email contained a link to what seemed like the manuscript but was actually a malicious payload designed to grant the hackers access to the recipients’ computers.
The infiltration was discovered when the hacked individual alerted the FBI and warned colleagues about the sophisticated nature of the attack. This incident highlighted a broader, ongoing campaign by a hacking group believed to be working on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC). This group has a history of targeting both Trump and Biden administration officials, demonstrating its persistence and the sophistication of its operations.
In early 2024, the same hacking group targeted a former senior diplomat from the Biden administration. The hacker posed as a scholar from a prominent Washington think tank and invited the diplomat to discuss the “evolving dynamics of the Israel-Palestinian situation.” While it is unclear if this attack was successful, gaining access to the diplomat’s email would have provided valuable intelligence and potentially facilitated further attacks on Democratic foreign policy circles.
This ongoing Iranian cyber activity has recently gained increased attention from U.S. intelligence agencies. Iran has emerged as one of the most aggressive foreign actors seeking to influence the U.S. political landscape ahead of the 2024 presidential election. In June 2024, the IRGC-linked hackers successfully targeted Trump’s campaign, stealing internal documents and leaking them to news organizations. This action underscored a clear intent to use cyber means to sow societal discord and exploit political divides.
Iran’s cyber activities are part of a broader strategy that includes both digital and physical threats. Beyond espionage, Iranian hackers have been involved in various external operations aimed at collecting intelligence that could facilitate kidnapping or assassination plots. For instance, in November 2022, the head of MI5 disclosed that Iran had made multiple attempts to kidnap or kill individuals in the UK, with some of these plots aided by cyber efforts. Notably, Iranian journalist Masih Alinejad, who has been targeted by such plots, reports a constant stream of hacking attempts against her communications.
The rise in external operations since the 2020 killing of Qasem Soleimani reflects Iran’s broader strategy to use cyber tools for actionable intelligence on targets. This includes creating false personas and infiltrating systems to gather information over extended periods. The number of such operations has surged, with Iran reportedly conducting 115 operations since Soleimani’s death, more than half the total number of operations since the Islamic Republic’s founding in 1979.
U.S. intelligence officials are particularly concerned about the potential for Iranian cyber operations to influence the 2024 election. The convergence of hacking, disinformation, and physical threats indicates a sophisticated approach by Iran to shape U.S. politics and advance its national security interests. As the election approaches, the U.S. must remain vigilant against these multifaceted threats and ensure that its systems are resilient to such disruptive activities.