US warns of Iranian hackers escalating influence operations

The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public.

In a joint statement from the Office of the Director of National Intelligence (ODNI), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. says that Iran carried out cyberattacks in an attempt to gain access to sensitive information related to U.S. elections.

The advisory underlines Iran’s intention to sow doubts about the integrity of democratic institutions in the U.S. and conduct aggressive cyber activity on multiple levels to collect intelligence.

“Iran perceives this year’s elections to be particularly consequential in terms of the impact they could have on its national security interests, increasing Tehran’s inclination to try to shape the outcome,” reads the public advisory.

“We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting Presidential campaigns.”

CISA and the FBI also confirmed that the recent reports about Iranians breaching former U.S. President Trump’s campaign are valid, attributing the attack to Iranian state-backed actors.

The incident, first reported by Politico, occurred earlier this month and involved stealing and leaking confidential information.

A couple of days earlier, Microsoft’s threat intelligence team warned about elevated activity from Iran targeting entities relating to the U.S. Presidential election using password spraying and spear-phishing tactics.

Another aspect refers to misinformation spread through Iranian operations, also highlighted in the latest CISA bulletin and recorded in the Microsoft report.

Furthermore, OpenAI announced late last week that it identified and disrupted a covert Iranian influence operation tracked as Storm-2035, which relied on ChatGPT to generate long-form content published on sites on both ends of the political spectrum, as well as social media comments (in English and Spanish).

Meta’s quarterly adversarial threat report for Q2 2024 ranked Iran as the second most frequent source of foreign interference, after Russia. Meta identified and disrupted 30 clusters of coordinated inauthentic behavior from Iran in the last quarter.

The U.S. authorities mention that none of this is new, as Iran and Russia are notorious for running influence operations for many years in various regions in the world.

Stakeholders and persons involved in the upcoming elections through any role are encouraged to report suspicious activity to their local FBI offices and CISA through this dedicated portal.

The FBI has recently assured the public that the security and resiliency of vote casting and counting will remain unaffected even in the case of disruptive activity targeting the voting infrastructure, such as ransomware attacks.

Related Articles:

US warns of last-minute Iranian and Russian election influence ops

US govt officials’ communications compromised in recent telecom hack

The Week in Ransomware - May 12th 2023 - New Gangs Emerge

FBI: Upcoming U.S. general election fuel multiple fraud schemes

US says Chinese hackers breached multiple telecom providers