As the 2024 US presidential election looms, the Microsoft Threat Analysis Center (MTAC) has reported an alarming uptick in cyber-enabled influence operations orchestrated by Iranian actors, marking a continuation of their growing threat in the electoral space. This development is particularly notable because it is the third consecutive election cycle in which Iran has actively sought to manipulate public sentiment and disrupt the electoral process through advanced cyber tactics. Historically overshadowed by Russian interference, Iran’s evolving strategies warrant increased attention.
The current Iranian campaigns represent a significant strategic pivot from previous electoral meddling. Rather than solely aiming to alter public opinion, Iranian operatives are now directly targeting the integrity of electoral infrastructure and procedures. Since June 2024, these activities have become more pronounced, with Iranian threat actors orchestrating cyberattacks against prominent political figures and institutions. Accompanying these efforts are disinformation campaigns that seek to exacerbate societal divisions around critical issues such as racial tensions, economic inequality, and gender rights.
Among the key players identified by MTAC is Sefid Flood, a group known for impersonation and sowing chaos, including doxing and inciting violence against officials. Mint Sandstorm, linked to the Islamic Revolutionary Guard Corps (IRGC), has executed precise cyber operations, most notably a spear-phishing attack targeting a senior campaign official. Additionally, Peach Sandstorm (APT-33) has engaged in password-spraying attacks, successfully breaching a county-level government account in a swing state.
Furthermore, the Iranian network Storm-2035 has launched covert news outlets that disseminate divisive content, leveraging AI tools to plagiarize and misrepresent US publications. This tactic not only amplifies their reach but also complicates the landscape of online information, making it increasingly challenging for voters to discern factual reporting from disinformation.
As the election date approaches, MTAC anticipates a marked escalation in these efforts, particularly focused on undermining electoral infrastructure and intensifying disinformation campaigns designed to exploit existing societal rifts. This sophisticated Iranian campaign raises significant questions about the integrity and security of the upcoming election, and it calls for vigilant monitoring and strategic responses from US officials and stakeholders.