Iran Amplifies US Election Influence Campaign

Microsoft Says Tehran Has Stepped Up Activity As November Election Day Approaches
The Azadi Tower in the Iranian capital of Tehran, as seen in January 2024. (Image: Shutterstock)

Iranian operatives stepped up influence and hacking operations against U.S. targets as the presidential election enters its final months, Microsoft warned on Thursday.

The tech giant said a group linked to Iran's Revolutionary Guard attempted in June to breach the account of a high-ranking official involved in a U.S. presidential campaign with a phishing email. The email was sent from a hacked email account of a former senior adviser.

The attack occurred only weeks after the same group successfully compromised the account of a county-level official in a swing state - although the incident may have been part of a broader password spray operation unconnected to Tehran's election influence operations.

Iran is one of a handful of authoritarian countries that use hacking and disinformation to undermine American democracy. Unlike its Moscow counterparts, Tehran's operations are notable "for appearing later in the election season and employing cyberattacks more geared toward election conduct than swaying voters," the computing giant said.

A July 29 unclassified assessment about election hacking by the Office of the Director of National Intelligence found that China probably does not plan to influence the outcome of the presidential election, instead likely concentrating on down-ballot candidates it sees as threatening its core interests. Chinese influence actors additionally are using "social media to sow division in the United States and portray democracies as chaotic."

Microsoft attributed the attempted hack of the unnamed presidential campaign advisor to a threat actor it tracks as Mint Sandstorm - also known as APT42 and Cobalt Illusion. The group has a history of targeting senior political officials, and previous Microsoft analysis has shown it growing in sophistication (see: Iranian Hackers Gain Sophistication, Microsoft Warns).

Iranian efforts also include launching news sites designed to stir controversy and targeting voters on opposite ends of the political spectrum. One of the sites, called Nio Thinker, caters to left-leaning audiences. Among the insults it hurled at Republican presidential candidate Donald Trump was calling him an "opioid-pilled elephant in the MAGA china shop" and a "raving mad litigiosaur." Another site, Savannah Time, positions itself as a reliable conservative news source with a heavy emphasis on covering LGBTQ+ rights and gender reassignment.

The sites use AI-generated content, partially plagiarized from U.S. publications.

In May testimony before the Senate Intelligence Committee, Director of National Intelligence Avril Haines emphasized Iran's increasingly aggressive efforts to undermine confidence in U.S. democratic institutions.

"Iran is becoming increasingly aggressive in their efforts, seeking to stoke discord and undermine confidence in our democratic institutions," Haines said.

She highlighted that Iran is adapting its cyber and influence activities, using social media platforms, issuing threats, and disseminating disinformation.

Haines warned that these tactics are likely to intensify as the election approaches, with Iran relying on its intelligence services and online influencers to promote its narratives.


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



