Iran is accelerating online activity that appears intended to influence the U.S. election, in one case targeting a presidential campaign with an email phishing attack, Microsoft said Friday.
Iranian actors also have spent recent months creating fake news sites and impersonating activists, laying the groundwork to stoke division and potentially sway American voters this fall, especially in swing states, the technology giant found.
The findings in Microsoft’s newest threat intelligence report show how Iran, which has been active in recent U.S. elections, is evolving its tactics for another election that’s likely to have global implications. The report goes a step beyond anything U.S. intelligence officials have disclosed, giving specific examples of Iranian groups and the actions they have taken so far. Iran’s United Nations mission denied it had plans to interfere or launch cyberattacks in the U.S. presidential election.
The report doesn’t specify Iran’s intentions besides sowing chaos in the United States, though U.S. officials have previously hinted that Iran particularly opposes former President Donald Trump. U.S. officials also have expressed alarm about Tehran’s efforts to seek retaliation for a 2020 strike on an Iranian general that was ordered by Trump. This week, the Justice Department unsealed criminal charges against a Pakistani man with ties to Iran who’s alleged to have hatched assassination plots targeting multiple officials, potentially including Trump.
The report also reveals how Russia and China are exploiting U.S. political polarization to advance their own divisive messaging in a consequential election year.
Microsoft’s report identified four examples of recent Iranian activity that the company expects to increase as November’s election draws closer.
First, a group linked to Iran’s Revolutionary Guard in June targeted a high-ranking U.S. presidential campaign official with a phishing email, a form of cyberattack often used to gather sensitive information, according to the report, which didn’t identify which campaign was targeted. The group concealed the email’s origins by sending it from the hacked email account of a former senior adviser, Microsoft said.
Days later, the Iranian group tried to log into an account that belonged to a former presidential candidate, but wasn’t successful, Microsoft’s report said. The company notified those who were targeted.
In a separate example, an Iranian group has been creating websites that pose as U.S.-based news sites targeted to voters on opposite sides of the political spectrum, the report said.
One fake news site that lends itself to a left-leaning audience insults Trump by calling him “raving mad” and suggests he uses drugs, the report said. Another site meant to appeal to Republican readers centers on LGBTQ issues and gender-affirming surgery.
A third example Microsoft cited found that Iranian groups are impersonating U.S. activists, potentially laying the groundwork for influence operations closer to the election.
Finally, another Iranian group in May compromised an account owned by a government employee in a swing state, the report said. It was unclear whether that cyberattack was related to election interference efforts.
Iran’s U.N. mission sent The Associated Press an emailed statement: “Iran has been the victim of numerous offensive cyber operations targeting its infrastructure, public service centers, and industries. Iran’s cyber capabilities are defensive and proportionate to the threats it faces. Iran has neither the intention nor plans to launch cyber attacks. The U.S. presidential election is an internal matter in which Iran does not interfere.”
The Microsoft report said that as Iran escalates its cyber influence, Russia-linked actors also have pivoted their influence campaigns to focus on the U.S. election, while actors linked to the Chinese Communist Party have taken advantage of pro-Palestinian university protests and other current events in the U.S. to try to raise U.S. political tensions.
Microsoft said it has continued to monitor how foreign foes are using generative AI technology. The increasingly cheap and easy-to-access tools can generate lifelike fake images, photos and videos in seconds, prompting concern among some experts that they will be weaponized to mislead voters this election cycle.
While many countries have experimented with AI in their influence operations, the company said, those efforts haven’t had much impact so far. The report said as a result, some actors have “pivoted back to techniques that have proven effective in the past – simple digital manipulations, mischaracterization of content, and use of trusted labels or logos atop false information.”
Microsoft’s report aligns with recent warnings from U.S. intelligence officials, who say America’s adversaries appear determined to seed the internet with false and incendiary claims ahead of November’s vote.
Top intelligence officials said last month that Russia continues to pose the greatest threat when it comes to election disinformation, while there are indications that Iran is expanding its efforts and China is proceeding cautiously when it comes to 2024.
Iran’s efforts seem aimed at undermining candidates seen as being more likely to increase tension with Tehran, the officials said. That’s a description that fits Trump, whose administration ended a nuclear deal with Iran, reimposed sanctions and ordered the killing of the top Iranian general.
An update last month from officials with the Office of the Director of National Intelligence (ODNI), FBI and Department of Homeland Security concluded that Tehran’s efforts appeared designed to undercut Trump.
“Since our last update, the [intelligence community] has observed Tehran working to influence the presidential election, probably because Iranian leaders want to avoid an outcome they perceive would increase tensions with the United States,” a senior ODNI official said, adding, “Iran’s preference is essentially a reflection of its desire to not worsen tensions with the United States, and Iran is opposing the candidate that Iran’s leaders perceive would increase those tensions.”
The officials did not explicitly name the Trump campaign and referred instead to the key findings of the 2020 assessment. They also stressed that most of Iran’s online activities, which they said rely on a “vast web” of internet personas, have been focused on stoking chaos and societal divisions.
The influence efforts also coincide with a time of high tensions between Iran and Israel, whose military the U.S. strongly supports.
Director of National Intelligence Avril Haines said last month that the Iranian government has covertly supported American protests over Israel’s war against Hamas in Gaza. In the statement, issued on July 9, Haines said the intelligence community had “observed actors tied to Iran’s government posing as activists online seeking to encourage protests and even providing financial support to protesters.”
America’s foes, Iran among them, have a long history of seeking to influence U.S. elections. In 2020, groups linked to Iran sent emails to Democratic voters in an apparent effort to intimidate them into voting for Trump, intelligence officials said.
