International

Iran targeting US elections using fake news, cyberattacks: Microsoft

Iran is using fake news and cyberattacks to target the 2024 election, according to a new report from Microsoft released Friday.

“Over the past several months, we have seen the emergence of significant influence activity by Iranian actors,” the Microsoft Threat Analysis Center (MTAC) wrote. “Recent activity suggests the Iranian regime — along with the Kremlin — may be equally engaged in election 2024.”

The report details the Iranian regime has posed as and impersonated “American extremists” to sow division among the electorate and incite violence.

“Looking forward, we expect Iranian actors will employ cyberattacks against institutions and candidates while simultaneously intensifying their efforts to amplify existing divisive issues within the US, like racial tensions, economic disparities, and gender-related issues,” MTAC said.

MTAC outlined several covert news operations operated by the Iranian regime, including a site called Nio Thinker established in late October. The site originally posted about the war in Gaza but has shifted its focus to the U.S. elections in recent months. Its contents are geared toward liberal audiences, according to MTAC’s assessment, and have written pieces insulting former President Trump.

Another site focuses heavily on Republican issues, particularly on subjects of gender, posing as local newsroom and “trusted source for conservative news in the vibrant city of Savannah.”

Alongside news operations, groups run by the Islamic Revolutionary Guard Corps (IRGC) have launched cyberattacks against high-ranking U.S. officials. One such incident involving Mint Sandstorm, an operation from the IRGC’s intelligence unit, targeted a high-ranking official of a presidential campaign in June.

The attackers sent a spear-phishing email using the compromised account of a former senior adviser, which would take the user to an Iranian-controlled domain before redirecting them to the correct website.

Following the first attack, the same group attempted to log in to the account belonging to a “former presidential candidate” on June 13. 

“[T]his targeting is a reminder that senior policymakers should be cognizant of monitoring and following cybersecurity best practices even for legacy or archived infrastructure, as they can be ripe targets for threat actors seeking to collect intelligence, run cyber-enabled influence operations, or both,” the MTAC added.

In a statement to The Associated Press, Iran’s U.N. mission denied involvement with the cyberattacks or interference.

“Iran has been the victim of numerous offensive cyber operations targeting its infrastructure, public service centers, and industries. Iran’s cyber capabilities are defensive and proportionate to the threats it faces. Iran has neither the intention nor plans to launch cyber attacks. The U.S. presidential election is an internal matter in which Iran does not interfere,” it wrote.

The alleged Iranian election attacks are accompanied by threats from Russia and China. China’s interference has intentionally directed left wing messaging about pro-Palestine protests into right-wing groups, which MTAC says was likely done to “agitate conflict” or “misunderstanding.”