Microsoft Says Tehran Has Stepped Up Activity As November Election Day Approaches
Iranian operatives have stepped up influence and hacking operations against U.S. targets as the presidential election enters its final months, Microsoft warned on Thursday.
The tech giant said a group linked to Iran’s Revolutionary Guard attempted in June to breach the account of a high-ranking official involved in a U.S. presidential campaign with a phishing email. The email was sent from a hacked email account of a former senior adviser.
The attack occurred only weeks after the same group successfully compromised the account of a county-level official in a swing state – although the incident may have been part of a broader password spray operation unconnected to Tehran’s election influence operations.
Iran is one of a handful of authoritarian countries that use hacking and disinformation to undermine American democracy. Unlike its Moscow counterparts, Tehran’s operations are notable “for appearing later in the election season and employing cyberattacks more geared toward election conduct than swaying voters,” the computing giant said.
A July 29 unclassified assessment about election hacking by the Office of the Director of National Intelligence found that China probably does not plan to influence the outcome of the presidential election, instead likely concentrating on down-ballot candidates it sees as threatening its core interests. Chinese influence actors additionally are using “social media to sow division in the United States and portray democracies as chaotic.”
Microsoft attributed the attempted hack of the unnamed presidential campaign advisor to a threat actor it tracks as Mint Sandstorm – also known as APT42 and Cobalt Illusion. The group has a history of targeting senior political officials, and previous Microsoft analysis has shown it growing in sophistication (see: Iranian Hackers Gain Sophistication, Microsoft Warns).
Iranian efforts also include launching news sites designed to stir controversy and targeting voters on opposite ends of the political spectrum. One of the sites, called Nio Thinker, caters to left-leaning audiences. Among the insults it hurled at Republican presidential candidate Donald Trump was calling him an “opioid-pilled elephant in the MAGA china shop” and a “raving mad litigiosaur.” Another site, Savannah Time, positions itself as a reliable conservative news source with a heavy emphasis on covering LGBTQ+ rights and gender reassignment.
The sites use AI-generated content, partially plagiarized from U.S. publications.
In May testimony before the Senate Intelligence Committee, Director of National Intelligence Avril Haines emphasized Iran’s increasingly aggressive efforts to undermine confidence in U.S. democratic institutions.
“Iran is becoming increasingly aggressive in their efforts, seeking to stoke discord and undermine confidence in our democratic institutions,” Haines said.
She highlighted that Iran is adapting its cyber and influence activities, using social media platforms, issuing threats, and disseminating disinformation.
Haines warned that these tactics are likely to intensify as the election approaches, with Iran relying on its intelligence services and online influencers to promote its narratives.