JAKARTA - The Iranian hacking team that broke into the campaign of Republican presidential candidate Donald Trump is known for installing surveillance software on its victims' phones, allowing it to record calls, steal texts, and secretly turn on cameras and microphones, according to researchers and experts who follow the group.

Known as APT42 or PrettyKitten by the cybersecurity research community, the alleged Iranian hackers are widely believed to be linked to the intelligence division within Iran's military, known as the Revolutionary Guard Corps Intelligence Organization or IRGC-IO.

Their emergence ahead of the United States elections is noteworthy, sources told Reuters, because of their invasive espionage approach to high-value targets in Washington and Israel.

"What makes (APT42) very dangerous is the idea that they are an organization that has a history of physically targeting people of concern," said John Hultquist, chief analyst at US cybersecurity firm Mandiant, referring to previous research that found the group monitoring the phones of Iranian activists and protesters. August 23.

Some of them were imprisoned or physically threatened in the country shortly after being hacked.

Hultquist said the hackers usually use mobile malware that allows them to "record phone calls, audio room recordings, steal SMS inboxes (texts), take pictures from machines," and collect geolocation data.

A spokesman for Iran's permanent mission to the United Nations in New York said in an email, "The Iranian government has no intention or motive to interfere in the US presidential election."

Separately, a spokesman for Donald Trump said Iran was targeting the former president and Republican Party presidential candidate in the 2024 election because it did not like his policies toward Tehran.

The APT42 crew targeting Trump has never been formally named in US law enforcement indictments or criminal charges, raising questions about its structure and identity. However, experts believe it poses a significant threat.

"IRGC-IO is tasked with gathering intelligence to defend and advance Iran's interests," said Levi Gundert, chief security officer for US cyber intelligence firm Recorded Future and former Secret Service special agent.

"Together with Quds Troops, they are the most powerful security and intelligence entities within Iran," he continued.

In March, Recorded Future analysts discovered a hacking attempt by APT42 against a US-based media group called Iran International, which British authorities previously said had been the target of physical violence, terror threats and threats by Iranian-linked agents.

In recent months, Trump campaign officials have sent messages to employees warning them to be careful about information security, according to one person familiar with the message.

The message warned that phones were no safer than any other device and were an important point of vulnerability, said the person, who asked that his identity be kept secret because he was not allowed to speak to the media.

Trump's campaign team did not respond to requests for comment. The FBI and the Office of the Director of National Intelligence declined to comment.

The Secret Service did not answer questions about whether Iran's hacking activity could be intended to support planned physical attacks in the future. In a statement sent to Reuters, a Secret Service spokesman said they were working closely with intelligence community partners to ensure "highest safety and security levels" but were unable to address issues "related to protection intelligence."

APT42 also often disguises itself as journalists and Washington think tanks in complex email-based social engineering operations aimed at luring its targets into opening booby-trapped messages, which allow the group to take over their systems.

