August 9, 2024 | Flash Brief
Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election
Latest Developments
As campaigning for the U.S. presidential election intensifies, a report released by technology giant Microsoft on August 9 has highlighted Iranian attempts to influence voters through fake websites, phishing campaigns, and other online techniques. Noting that “[O]ver the past several months, we have seen the emergence of significant influence activity by Iranian actors,” the report, prepared by the Microsoft Threat Analysis Center, cited four examples of recent Iranian cyber-activity targeting U.S. voters.
In one case, an Iranian network known as Storm-2035 continues to operate “four websites masquerading as news sites” that are “actively engaging US voter groups on opposing ends of the political spectrum with polarizing messaging on issues such as the US presidential candidates, LGBTQ rights, and the Israel-Hamas conflict,” the report observed. It pointed out that one of the fraudulent sites created by the network, “Nio Thinker,” carries content that “caters to liberal audiences,” while another, “Savannah News,” purports to be a “trusted source for conservative news.” Microsoft researchers discovered “evidence indicating the sites are using Artificial Intelligence (AI)-enabled services to plagiarize at least some of their content from US publications,” frequently deploying search engine optimization tools and content generated by AI to drive traffic.
In a second case, a malign actor named “Sefid Flood” has been engaged “in impersonating social and political activist groups in a target audience to stoke chaos, undermine trust in authorities, and sow doubt about election integrity.” The report added that “this group’s operations may go as far as intimidation, doxing, or violent incitement targeting political figures or social/political groups.” A third case from June involved “Mint Sandstorm,” a group operated by the intelligence unit of Iran’s Islamic Revolutionary Guard Corps (IRGC), which “sent a spear-phishing email [a targeted attack aimed at obtaining sensitive or restricted information] to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.” The IRGC’s intelligence unit was also central to the fourth example cited in the report, which involved compromising “a user account with minimal access permissions at a county-level government in a swing state” by a network going by the name “Peach Sandstorm.”
The report warned that “looking forward … Iranian actors will employ cyberattacks against institutions and candidates while simultaneously intensifying their efforts to amplify existing divisive issues within the US, like racial tensions, economic disparities, and gender-related issues.”
Expert Analysis
“This recently exposed Iranian influence operation is not a ‘spray and pray’ campaign. It targets specific U.S. demographics and regions, including swing states. This demonstrates that Iran may be seeking to impact the outcome of the election rather than merely using contentious issues as a means to create a general sense of chaos in the United States.” — Max Lesser, Senior Analyst on Emerging Threats, Center on Cyber and Technology Innovation
“Iranian influence operations are proving themselves to be more tenacious, long-term, and impactful than previously thought. This exposed operation, the foundations of which were laid in 2020 and 2021, shows sophistication, operational planning, and patience. Despite the use of the same host, most of the network domains exhibit comparatively good operational security measures and don’t have any obvious failings indicating Iranian involvement.” — Ari Ben Am, Adjunct Fellow, Center on Cyber and Technology Innovation
Iran Denies Cyber Operations
Responding to a query from the Associated Press about the report, Iran’s mission to the UN claimed that the Islamic Republic had been the target of “numerous offensive cyber operations” targeting its domestic infrastructure. The statement went on to insist that Iran’s “cyber capabilities are defensive and proportionate to the threats it faces. Iran has neither the intention nor plans to launch cyberattacks. The U.S. presidential election is an internal matter in which Iran does not interfere.”