Iranian hackers ramping up US election interference, Microsoft warns

Iranian hackers have increased their efforts to influence the upcoming U.S. election, attempting to break into the campaign of an unnamed presidential candidate and creating fake news websites aimed at conservative and liberal voters, Microsoft researchers said in a new report.

The tech giant’s findings are the first public evidence of what U.S. intelligence officials have warned in recent months is Tehran’s intent to act as a “chaos agent” and use disinformation to incite violence.

The government-linked operatives have “laid the groundwork for influence campaigns on trending election-related topics and begun to activate these campaigns in an apparent effort to stir up controversy or sway voters — especially in swing states,” Clint Watts, the general manager of Microsoft’s Threat Analysis Center, wrote in a blog post.

In one instance, a group run by the country’s Islamic Revolutionary Guard Corps (IRGC) intelligence unit “sent a spear-phishing email to a high-ranking official of a presidential campaign” in June. Microsoft did not say if the malicious attempt was successful. 

Meanwhile, another group connected to the IRGC breached a “user account with minimal access permissions at a county-level government,” according to the report.

Iranian hackers also allegedly created a slew of phony news sites intended to rile up voters in key states. The “covert” sites relied on artificial intelligence to pilfer from legitimate news sources.

One such site labeled former Donald Trump an “opioid-pilled elephant in the MAGA china shop,” Microsoft found. The tone is reflective of what clandestine officials have said is Tehran’s preference for the Democratic candidate in the race, based on the perception that they would be less likely to increase tensions between the two countries.

Another conservative site, dubbed Savannah Time, focused on Republican politics and LGBTQ issues.

The activities are not the first time Iran has tried to meddle in U.S. presidential politics. In 2020, U.S. Cyber Command personnel were conducting a reconnaissance mission in foreign cyberspace when it detected that Pioneer Kitten, an Iran-linked hacking group, was trying to gain access to a city’s election infrastructure, which tallied votes.

The command, along with the Cybersecurity and Infrastructure Security Agency, eventually kicked the hackers off the network.

The incident was separate from another instance in which two Iranian nationals were eventually charged by the Justice Department for attempting to influence the election.

“We share intelligence like this so voters, government institutions, candidates, parties, and others can be aware of influence campaigns and protect themselves from threats,” Watts wrote, noting that the company would not endorse a particular candidate or political party.

“Our goal in releasing these reports is to underscore the importance of combating election deepfakes and promoting education and learning about possible foreign interference.”