Google has alerted U.S. Sen. Pat Toomey’s office that hackers with ties to a “nation-state” sent phishing emails to old campaign email accounts, a spokesman for the Pennsylvania Republican said Friday.
Toomey’s office was notified this week about the attempt to infiltrate email accounts, said spokesman Steve Kelly. He said the dormant accounts hadn’t been used since the end of the 2016 campaign, and the staffers they’re attached to no longer work for Toomey. The nation-state wasn’t identified.
“This underscores the cybersecurity threats our government, campaigns, and elections are currently facing,” he said. “It is essential that Congress impose tough penalties on any entity that undermines our institutions.”
Toomey currently isn’t running for office and the effort would not have affected the upcoming midterm elections.
Google told Toomey’s office that the emails appeared to be exploratory, Kelly said. Based on scans for spam, phishing and malware, the emails likely did not contain malware or links to a credential-phishing site, he said.
A Google spokesman said the company wasn’t commenting on the phishing attempt.
The notification is the latest by a tech company of suspected Kremlin attempts to spy on U.S. elected officials and campaigns and potentially meddle in U.S. politics.
Google’s warning to Toomey comes just weeks after a Microsoft discovery led Sen. Claire McCaskill, a Missouri Democrat who is running for re-election, to reveal that state-backed Russian hackers tried unsuccessfully to infiltrate her Senate computer network last fall.
That effort recalled what U.S. prosecutors called in a July 13 indictment a concerted effort by Russian military operatives ahead of the 2016 election focused on helping to elect Republican Donald Trump to the presidency by exposing internal divisions in the Democratic Party meant to discredit his opponent, Hillary Clinton. The indictment says the Russian agents broke into Democratic national organization servers and stole and leaked damaging emails.
On Tuesday, Microsoft disclosed what it called new Russian espionage efforts targeting U.S. political groups — this time conservative Republican foes that have promoted sanctions to punish the Kremlin for military aggression against Ukraine.
The company said a group tied to the Russian government created fake websites — presumably to steal passwords or plant spyware— that appeared to spoof two American conservative organizations: the Hudson Institute and the International Republican Institute. Three other fake sites were designed to look as if they belonged to the U.S. Senate.
The Kremlin denied involvement.