A recent Microsoft report has revealed that malicious foreign influence surrounding the 2024 US elections is picking up the pace, and Iranian actors are the latest players.
Malign foreign influence in the US presidential election is commonplace, with bad actors using the opportunity to sway voters or promote rhetoric that might change the outcome.
It’s common for threat actors in Russia and China to exploit the US elections. But now, a report from the Microsoft Threat Analysis Center (MTAC) shows that Iranian actors are ramping up their malicious election-related activities.
This report is the third in a series of election reports updating users on the dangers of bad actors in the political sphere.
Like Russian and Chinese actors, Iranian cyber-enabled influence has been present in previous US election cycles. However, there are nuances in the way that Iranian actors operate.
“Iran’s operations have been notable and distinguishable from Russian campaigns for appearing later in the election season and employing cyberattacks more geared toward election conduct than swaying voters,” Microsoft said.
The report notes that Iran may be as involved as the Kremlin in this year's US election, as Iranian actors are laying the groundwork for influence operations aimed at the United States.
These recent developments show that influence activity is being conducted by a combination of actors who are “conducting initial cyber reconnaissance and seeding online personas and websites into the information space,” said Microsoft.
The tech giant has laid out some key players it observed when mapping Iran’s potential plans to influence the US presidential election.
Sefid Flood
The Iranian-linked actor Sefid Flood began preparing to influence the election in March 2024, just after the Iranian New Year.
The actor is especially adept at impersonating social and political activist groups to create chaos, undermine trust in authorities, and cast doubt on the integrity of the election.
“This group’s operations may go as far as intimidation, doxing, or violent incitement targeting political figures or social/political groups,” Microsoft notes.
IRGC prepares for battle
A few notable cybercrime groups within the Islamic Revolutionary Guard Corps (IRGC) have been observed preparing to influence the US election.
Mint Sandstorm
Mint Sandstorm is an Iran-linked group that has been active since at least 2013, according to Microsoft. The group is known for targeting dissidents protesting the Iranian government, activist leaders, the defense industrial base, journalists, think tanks, universities, various government agencies and services, and targets in Israel and the US.
In June 2024, Mint Sandstorm, run by the IRGC’s intelligence unit, sent a spearphishing email to a high-profile official within the presidential campaign. This was sent from a compromised email account of a former senior advisor, Microsoft said.
The phishing email harbored a malicious link that directed traffic through the actor-controlled domain before redirecting to the listed domain.
The group also unsuccessfully attempted to access an account belonging to a former presidential candidate who has not been named.
The timing and the target indicate that this unsuccessful attack was related to the US election.
“This targeting is a reminder that senior policymakers should be cognizant of monitoring and following cybersecurity best practices even for legacy or archived infrastructure, as they can be ripe targets for threat actors seeking to collect intelligence, run cyber-enabled influence operations, or both,” said Microsoft.
Peach Sandstorm
Peach Sandstorm is an IRGC-linked group that often focuses its strategic intelligence collection in the satellite, defense, and pharmaceutical sectors.
In May, Peach Sandstorm (a.k.a. APT-33), another group affiliated with the IRGC, compromised a user account with limited access permissions at a county-level government in a swing state.
“The compromise was part of a broader password spray operation from the group, and Microsoft Threat Intelligence did not observe any lateral movement or privilege escalation, making it difficult to determine whether it was election-related.”
Fake news from Storm-2035
Elections are often riddled with fake news. That’s one way to spread election-based misinformation around.
But the Iranian network Storm-2035 has become very good at spreading misinformation and disinformation about the US election.
This network comprises four different websites posing as news outlets, which have been active since at least 2020. These websites actively engage “US voter groups on opposing ends of the political spectrum with polarizing messaging on issues such as the US presidential candidates, LGBTQ rights, and the Israel-Hamas conflict.”
The “news network” includes over 12 covert news sites, which target French, Spanish, Arabic, and English-speaking audiences with their social and politically charged content.
The sites that are still active include EvenPolitics, which publishes about 10 articles per week.
Nio Thinker is another “news website” that caters to liberal audiences and includes long, sarcastic articles insulting Trump.
The last reported site is Savannah Time, which claims to be a “trusted source for conservative news in the vibrant city of Savannah.” This website focuses mainly on Republican politics and LGBTQ+ issues, specifically gender reassignment.
“MTAC has not observed significant social media amplification of these sites as of yet, though it is possible they will begin closer to election day.”
Furthermore, Microsoft has found evidence to suggest that these fake news websites are leveraging AI services to plagiarize some of their content from US publications.
Other influence groups
MTAC also noted that various groups with ties to Iran may influence the upcoming US election.
These include:
- Cotton Sandstorm – otherwise known as Emennet Pasargad
- Lemon Sandstorm – Fox Kitten
- Mint Sandstorm – Charming Kitten
- Peach Sandstorm – APT33
- Sefid Flood
- Storm-1660
“Looking forward, we expect Iranian actors will employ cyberattacks against institutions and candidates while simultaneously intensifying their efforts to amplify existing divisive issues within the US, like racial tensions, economic disparities, and gender-related issues,” Microsoft concludes.