- Microsoft recently revealed that pro-Iran groups might be trying to step up their attacks and incite violence against key figures.
- Unlike Russian groups, Iranian groups are more focused on disrupting elections than on swaying voters.
- Iran’s United Nations mission has denied these allegations.
Microsoft recently revealed that pro-Iran groups might be stepping up their efforts to sabotage US elections. What started as a manageable intrusion has been slowly gaining pace and is leading to the incitement of violence against key figures.
‘Over the past several months, we have seen the emergence of significant influence activity by Iranian actors’ – Microsoft
It’s easy to distinguish Iranian attacks from Russian attacks. Unlike Russia, Iran mostly launches attacks in the later phase of the elections and is focused more on hampering the conduct of the election than on swaying voters’ decisions.
This isn’t the first time that Iran has tried to meddle with US elections. Similar intrusions have been noticed in the last three cycles. However, things have escalated a lot this year. Microsoft had earlier warned that China is also using AI tools to affect US elections.
Examples of Attacks
Multiple state-backed groups, along with other threat actors affiliated with unknown groups, are launching attacks, each with its own distinct motives and methods.
Sefid Flood
For example, Sefid Flood, one of the groups that Microsoft is tracking, is known for impersonating social and political activist groups in order to reduce people’s trust in political leaders and in the election process itself.
According to Microsoft, the group has been laying the groundwork for its operations since March 2024.
Peach Sandstorm
Similarly, state-backed groups like Mint Sandstorm and Peach Sandstorm (both run by Iranian intelligence, the Islamic Revolutionary Guard Corps (IRGC)) are also laying similar groundwork.
On June 13 this year, Mint Sandstorm tried to access the account of a former presidential candidate but failed. Although there is no proof that could link this attempt to the elections, the timing of the attack leaves no other plausible explanation.
And just a few days after that, it was caught trying to spear-phish a presidential campaign official with the help of a former senior advisor’s account that the group compromised. The email they sent contained a link that would allow the IRGC to intercept the official’s traffic.
Also, a month before this, Peach Sandstorm launched a password-hunting mission in which it successfully managed to compromise the account of a user at a county-level government in a US swing state. However, it didn’t do much with the compromised account, so it may not have been election-related.
Other Methods
Another popular method adopted by Iranian groups is running phony news outlets that mislead voters. For example, a group called Storm-2035 runs an online news portal called EvenPolitics that publishes around 10 articles a week.
Note: Microsoft names groups “Storm-X” when they’re under active development.
Another news outlet called Nio Thinker was created in October 2023 to talk about the Israel-Hamas conflict and later shifted to target left-leaning US voters with anti-Trump posts.
Iran’s United Nations mission addressed the allegations and said that it has no plans to interfere with the US presidential elections. But again, who would own up to allegations like that?
Now, the question is whether the US is prepared to handle such attacks. While the US authorities have been very insistent that elections this year are safer than ever, CISA director Jen Easterly said that the improving sophistication of attack techniques is a matter of concern.