Iran accelerating cyber activity to influence US election, Microsoft says

Iran is ramping up online activity that appears intended to influence the upcoming US election – in one case, targeting a presidential campaign with an email phishing attack, Microsoft has said.

Iranian actors also have spent recent months creating fake news sites and impersonating activists, laying the groundwork to stoke division and potentially sway American voters this autumn, especially in swing states, the technology giant found.

The findings in Microsoft’s newest threat intelligence report show how Iran, which has been active in recent US campaign cycles, is evolving its tactics for another election that is likely to have global implications.

The report goes a step beyond anything US intelligence officials have disclosed, giving specific examples of Iranian groups and the actions they have taken so far.

Iran’s United Nations mission denied it had plans to interfere or launch cyber attacks in the US presidential election.

The report does not specify Iran’s intentions besides sowing chaos in the United States, though American officials have previously hinted that Iran particularly opposes former president Donald Trump.

US officials also have expressed alarm about Tehran’s efforts to seek retaliation over a 2020 strike on an Iranian general that was ordered by Mr Trump.

This week, the justice department in Washington unsealed criminal charges against a Pakistani man with ties to Iran who is alleged to have hatched assassination plots targeting multiple officials, potentially including Trump.

The report also reveals how Russia and China are exploiting US political polarization to advance their own divisive messaging in a consequential election year.

Microsoft’s report identified four examples of recent Iranian activity that the company expects to increase as November’s election draws closer.

First, a group linked to Iran’s Revolutionary Guard in June targeted a high-ranking US presidential campaign official with a phishing email, a form of cyber attack often used to gather sensitive information, according to the report, which did not identify which campaign was targeted.

The group concealed the email’s origins by sending it from the hacked email account of a former senior adviser, Microsoft said.

Days later, the Iranian group tried to log into an account that belonged to a former presidential candidate, but was not successful, Microsoft’s report said.

The company notified those who were targeted.

In a separate example, an Iranian group has been creating websites that pose as US-based news sites targeted to voters on opposite sides of the political spectrum, the report said.

One fake news site that lends itself to a left-leaning audience insults Mr Trump by calling him “raving mad” and suggests he uses drugs, the report said.

Another site meant to appeal to Republican readers centres on LGBTQ issues and gender-affirming surgery.

A third example Microsoft cited found that Iranian groups are impersonating US activists, potentially laying the groundwork for influence operations closer to the election.

Finally, another Iranian group in May compromised an account owned by a US government employee in a swing state, the report said. It was unclear whether that cyber attack was related to election interference efforts.

Iran’s UN mission sent The Associated Press an emailed statement: “Iran has been the victim of numerous offensive cyber operations targeting its infrastructure, public service centres, and industries.

“Iran’s cyber capabilities are defensive and proportionate to the threats it faces. Iran has neither the intention nor plans to launch cyber attacks.

“The US presidential election is an internal matter in which Iran does not interfere.”

The Microsoft report said that as Iran escalates its cyber influence, Russia-linked actors also have pivoted their influence campaigns to focus on the US election, while actors linked to the Chinese Communist Party have taken advantage of pro-Palestinian university protests and other current events in the US to try to raise political tensions.

Microsoft said it has continued to monitor how foreign foes are using generative AI technology. The increasingly cheap and easy-to-access tools can generate lifelike fake images, photos and videos in seconds, prompting concern among some experts that they will be weaponized to mislead voters this election cycle.

While many countries have experimented with AI in their influence operations, the company said, those efforts have not had much impact so far.

The report said as a result, some actors have “pivoted back to techniques that have proven effective in the past – simple digital manipulations, mischaracterization of content, and use of trusted labels or logos atop false information”.

Microsoft’s report aligns with recent warnings from US intelligence officials, who say America’s adversaries appear determined to seed the internet with false and incendiary claims ahead of November’s vote.

Top intelligence officials said last month that Russia continues to pose the greatest threat when it comes to election disinformation, while there are indications that Iran is expanding its efforts and China is proceeding cautiously when it comes to 2024.

Iran’s efforts seem aimed at undermining candidates seen as being more likely to increase tension with Tehran, the officials said. That is a description that fits Mr Trump, whose administration ended a nuclear deal with Iran, reimposed sanctions and ordered the killing of the top Iranian general.