Microsoft: Iran-linked hackers targeting November US elections

Microsoft Corporation has announced that Iran-linked hacker groups are reportedly launching a campaign to interfere in the upcoming US elections in November.

“Today, we're revealing intelligence on activities we've been monitoring that increasingly suggest Iran’s intention to influence this year's US presidential election. Recently, Iranian government-linked groups have intensified two types of activities,” Caliber.Az reports citing the corporation’s statement.

According to the statement, firstly, they have set the stage for influence campaigns on popular election-related topics and have started these campaigns with the apparent goal of creating controversy or swaying voters, particularly in swing states. Secondly, they have initiated operations that Microsoft believes are aimed at gathering intelligence on political campaigns to potentially influence future elections. Our new report outlines this activity and provides four examples that illustrate what we might expect from Iran as the November elections approach.

One Iranian group has been creating covert news websites targeting US voter groups across the political spectrum. For example, one site, Nio Thinker, caters to left-leaning audiences and disparages former President Donald Trump with phrases like “opioid-pilled elephant in the MAGA china shop” and “raving mad litigiosaur.” Another site, Savannah Time, presents itself as a “trusted source for conservative news in Savannah” and covers topics such as LGBTQ+ issues and gender reassignment. Evidence suggests these sites may be using AI tools to plagiarize content from US publications.

Another Iranian group has been preparing for US-focused influence operations since March, potentially escalating to more severe actions such as intimidation or incitement of violence against political figures or groups. Their ultimate goals appear to be creating chaos, undermining authorities, and casting doubt on election integrity.

Additionally, an Iranian group associated with the Islamic Revolutionary Guard Corps (IRGC) sent a spear phishing email in June to a high-ranking official on a presidential campaign from a compromised email account of a former senior advisor. The email contained a link that redirected through a domain controlled by the group before reaching the intended site. Shortly after, the same group attempted to access an account belonging to a former presidential candidate, though this attempt was unsuccessful. We have informed the targeted individuals.

A fourth Iranian group compromised the account of a county-level government employee in a swing state as part of a broader password spray operation. Although Microsoft Threat Intelligence did not observe any further access beyond this single account, the group's activities since early 2023 have focused on strategic intelligence collection, particularly in the satellite, defence, and health sectors, with some targeting of U.S. government organizations, often in swing states.

“We provide this intelligence to help voters, government institutions, candidates, parties, and others recognize and guard against influence campaigns and threats. We also offer training for candidates and parties involved in this year's elections, expanding on our existing programs like AccountGuard. Microsoft does not endorse any candidates or political parties; our aim in publishing these reports is to emphasize the need to combat election-related misinformation and enhance awareness of potential foreign interference,” the statement said.