Iran increasingly cyber-meddling in upcoming US election, Microsoft says in new warning

Iran is ramping up its digital election-meddling, trying to influence the 2024 election with fake news sites, propaganda and an email phishing attack against a presidential campaign, Microsoft said Friday.

Microsoft’s latest threat intelligence report dovetails with what U.S. intelligence officials have been saying for months about Tehran's interest in swaying U.S. elections, especially the race between former President Donald Trump and his Democratic rivals.

The assessment is among the first by private sector threat analysis firms to appear since President Joe Biden dropped out of the race last month and Vice President Kamala Harris took his place as the Democratic nominee.

“Foreign malign influence concerning the 2024 U.S. election started off slowly but has steadily picked up pace over the last six months due initially to Russian operations, but more recently from Iranian activity,” said the report. “Over the past several months, we have seen the emergence of significant influence activity by Iranian actors.”

U.S. intelligence officials have long said Iran has one of the most sophisticated “foreign malign influence” operations of any U.S. rival, in some respects on par with Russia and China. Iran has given indications its current campaign is directed against Trump, likely over the 2020 drone assassination he ordered against Islamic Revolutionary Guard Corps General Qasem Soleimani, according to security experts.

OAKLAND, CALIFORNIA - MARCH 20: In an aerial view, pools of water are visible at the East Bay Municipal Utility District Wastewater Treatment Plant on March 20, 2024 in Oakland, California. The Biden administration and the Environmental Protection Agency (EPA) are warning states of possible cyberattacks on water systems after recent attacks including one by the Cyber Av3ngers, a group linked to Iran's Islamic Revolutionary Guard Corps, that targeted internet-facing programmable logic controllers at Pennsylvania's Municipal Water Authority of Aliquippa. (Photo by Justin Sullivan/Getty Images)

The nine-page report said the effort is being led by groups of Iranian government cyberwarriors, whom researchers have identified with code names like Sefid Flood, Mint Sandstorm, Peach Sandstorm and Storm-2035.

Some have tried to hack into email accounts of key officials while others have spent months creating fake news sites in the U.S. and even impersonating activists as part of a campaign to amplify divisions among Americans and sway voters in key battleground states, the report said.

One site, Nio Thinker, first began publishing in late October and focused on the Israel-Hamas conflict before shifting to U.S. elections in recent months, Microsoft said.

"Its content caters to liberal audiences and includes sarcastic, long-winded articles insulting Trump including calling him an 'opioid-pilled elephant in the MAGA china shop' and a 'raving mad litigiosaur,' " Microsoft said.

Microsoft provided more detail than the U.S. intelligence community has in recent briefings about the specific activities of the various cybergroups, many of which are controlled by Iran's Revolutionary Guards. Iran’s United Nations mission in New York denied any effort to interfere with, or launch cyberattacks against, the U.S. presidential election, the Associated Press reported.

The Justice Department also has been investigating Iranian efforts to meddle in the election, and worse. It unsealed criminal charges Tuesday against a Pakistani man, alleging that he was working with Tehran to launch assassination plots in the U.S., including possibly against Trump.

And Director of National Intelligence Avril Haines said in a statement last month that Iran was covertly amplifying U.S. protests over Israel’s war against Hamas in Gaza.

Four examples of alleged Iranian election meddling

Microsoft, which has one of the biggest threat reporting divisions of any tech giant, said Russia and China are continuing longstanding campaigns to sow chaos and division, especially in an election year.

In its report, Microsoft identified four examples of Iranian efforts to meddle in the election in ways that it expects to increase between now and election day.

Potentially the most serious was an effort by the IRGC in June targeting a senior official of a presidential campaign with a phishing email designed to gain access to their computer network. The report did not identify which candidate was targeted, and requests for comment were not immediately returned by the Trump and Harris campaigns.

In 2016, Russian operatives hacked the email servers of the Democratic National Committee through a phishing attack on Hillary Clinton's campaign manager, leading to the release of hundreds of embarrassing emails.

Pictures of nine Iranians charged with conducting massive cyber theft campaign are seen on display during Deputy Attorney General Rod Rosenstein's news conference at the Justice Department in Washington, U.S., March 23, 2018. Department of Justice/Handout via REUTERS

Iran hackers hot for Trump

But senior U.S. intelligence officials told reporters last month that Iran’s efforts seem to be directed at undermining candidates seen as being more likely to increase tension with Tehran. Trump has not only acted with military aggression against Iran; he also killed an international nuclear deal with Iran signed during the Obama administration and reimposed harsh economic sanctions.

Trump also reportedly authorized a cyber strike on Iranian computer systems during his White House tenure.

The Microsoft report said Iranian cybergroups also tried unsuccessfully to log into the account of an unnamed former presidential candidate.

Microsoft did not identify the former candidate targeted by the June 13 intrusion, but said its "target selection and timing—days prior to phishing an active presidential campaign and months ahead of the election—suggest their attempted authentication may also be election-related."

If Trump was targeted, it wouldn't be the first time. Iranian hackers tried to breach the accounts of Trump administration officials and campaign staff ahead of the 2020 election, the report said.

Iranian presidential candidate Masoud Pezeshkian attends an election debate at a television studio in Tehran, Iran June 25, 2024. Morteza Fakhri Nezhad/IRIB/WANA (West Asia News Agency)/Handout via REUTERS

Fake news websites

Iranian operatives have created websites posing as U.S.-based news organizations generating content “on opposing ends of the political spectrum with polarizing messaging,” the report said, including some anti-Trump stories.

The tech giant also said Iranian groups have impersonated U.S. activists and hacked into a county government email account in a swing state.

That compromise was part of a broader hacking operation, making it difficult to determine whether it was connected to the election, Microsoft said. "While unclear if related," it added, "it is worth noting that the targeted county had undergone a race-related controversy that made national news this year."

Barriers to foreign election meddling 'vanishingly small'

That same month, the chairman of the Senate Intelligence Committee warned that the 2024 election likely will see the biggest number of attacks yet by foreign forces, with Russia, Iran and China leading the way.

“The barriers to entry for foreign malign influence – including election influence – have become almost vanishingly small,” Sen. Mark Warner, D-Va., said in prepared remarks before a Senate Intelligence Committee hearing on election interference. “I believe that what we may see from our adversaries going forward could be more sophisticated and more aggressive in both scale and scope.”

A combination of factors, including poorly regulated U.S. social media companies and increasingly bold foreign adversaries, have exacerbated the threat of foreign election influence, Warner said.

In the 2016 presidential election Russia conducted a persistent campaign to covertly influence the outcome in Trump's favor, according to U.S. intelligence agencies and a 2020 report from the then-Republican-led Senate Intelligence Committee.

But Warner said the threat is not limited to Russia, and that declassified intelligence assessments have identified a whole host of other “influence actors who have engaged in, or at least contemplated, election influence and interference activities – including not only Iran, Russia, and (China), but also Cuba, Venezuela, Hezbollah, and a range of foreign hacktivists and profit-motivated cybercriminals.”

This article originally appeared on USA TODAY: Iran ramping up meddling in US presidential election, Microsoft warns