Google offers details on Chinese hacking group that targeted Biden campaign

"[W]e’ve seen increased attention on the threats posed by APTs in the context of the U.S. election," Google's Shane Huntley said.
Joe Biden
(Flickr / <a href="">Gage Skidmore</a>)

Google on Friday offered new details on tactics used by alleged Chinese government-linked hackers who previously targeted Democratic presidential nominee Joe Biden’s campaign, while warning that multiple state-linked hacking groups continue to show an interest in the U.S. election.

The Chinese state-linked group, known as APT31, has been using malicious code hosted on the open-source platform GitHub to upload and download files on networks in targeted attacks, Google said in a blog post. The use of legitimate services, including Dropbox, have made the attacks more difficult to detect.

The tech giant did not specify which organizations or industries were targeted in the activity, or even if it affected political campaigns. Google did say it shares its election-related findings with the FBI and political campaigns to help protect them from the threat.

“Overall, we’ve seen increased attention on the threats posed by [advanced persistent threats] in the context of the U.S. election,” wrote Shane Huntley of Google’s Threat Analysis Group, using the industry term for state-linked hackers.


Google’s announcement also illustrates how such espionage campaigns try to evade computer defenses. APT31 has been impersonating anti-virus software from McAfee to try to install malicious code on target systems, according to Google.

The advisory follows a June announcement from Google that Chinese and Iranian hackers had tried unsuccessfully to breach staffers at the campaigns for Biden and President Donald Trump, respectively, with phishing emails and emails that contained tracking links.

Since then, Microsoft has also warned that hackers affiliated with China, Russia and Iran were targeting U.S. political organizations. And last Friday, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency detailed an active campaign by foreign government-linked hackers to breach state and local networks.

The public advisories come in the heat of a bitter presidential campaign season. Trump has repeatedly made unfounded claims about voting fraud and questioned the election’s integrity — something that the Department of Homeland Security has warned Russian state media is also doing.

Trump’s personal lawyer, Rudy Giuliani, has also solicited materials from politicians in Ukraine in an effort to denigrate Biden. One of those politicians, Andrii Derkach, has been sanctioned by the U.S. Treasury Department for trying to interfere in the U.S. electoral process and accused of being a Russian agent. On Friday, Google also announced that it had removed 14 Google accounts linked to Derkach.


Both the Republican and Democratic National Committees say they have stepped up security measures following the 2016 election, when Russian hackers breached the DNC and leaked emails in a bid to damage Hillary Clinton’s campaign. The Biden campaign in July hired Chris DeRusha, who was a White House cybersecurity adviser when Biden was vice president, as its chief information security officer.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts