Iranian-backed hackers targeted the personal email accounts of U.S. Treasury officials around the time President Trump reimposed sanctions on the country, according to an Associated Press report.
The news outlet on Thursday reported that the cybersecurity firm Certfa found a hacking group known as “Charming Kitten” had spent the past month trying to access the officials’ private email accounts through a phishing campaign.
{mosads}The Treasury Department is responsible for imposing the sanctions and the economic penalties have been widely decried by the Iranian government.
The hacking group also reportedly went after prominent figures supporting, enforcing or arguing against the Iran nuclear deal, which Trump formally withdrew from last month. Among those targeted were foreign nuclear experts and staffers at D.C. think tanks.
The AP reported that the security researchers were able to identify some of the people who were targeted by the campaign after the hacking group inadvertently left a server exposed to the internet.
In a report released Thursday, the Certfa researchers wrote that the hackers appeared to have gathered information about those targeted before launching the attacks.
“The hackers design specific plans for each target based on the level of targets’ cyber knowledge, their contacts, activities, working time, and their geographic situation,” the report reads.
Experts had anticipated that Iran would respond to last month’s sanctions through cyber means.
Lawmakers and experts have also repeatedly cited Iran as a prominent cyber threat to the U.S., alongside China, North Korea and Russia.