Microsoft said on Friday that Iran has stepped up online activity it believes is intended to influence the upcoming U.S. elections, including email phishing attacks targeting the presidential campaign.
Iranian activists also have set up fake news sites and posed as activists in recent months to stomp division and lay the groundwork to sway American voters this fall, especially in battleground states, an investigation by the tech giants found.
Findings in Microsoft’s latest Threat Intelligence Report show how Iran, which has been active in the recent U.S. election campaign, is evolving its strategy ahead of the upcoming elections, which could have global implications.
The report goes a step further than U.S. intelligence sources, providing specific examples of Iranian groups and the actions they have taken so far.
Iran’s UN mission has denied it had any plans to interfere in the US presidential election or launch cyber attacks.
The report did not specify Iran’s intentions beyond sowing unrest in the United States, but U.S. officials have previously suggested Iran was specifically targeting former President Donald Trump.
U.S. officials have also expressed concern about Tehran’s efforts to retaliate for a 2020 attack on an Iranian general ordered by President Trump.
This week, the Department of Justice unsealed criminal charges against a Pakistani man with ties to Iran who allegedly hatched an assassination plot targeting multiple government officials, potentially including President Trump.
The report also finds that Russia and China are exploiting political polarization in the United States to push their own divisive messaging in a crucial election year.
Microsoft’s report identified four recent examples of Iranian activity that the company expects to increase as the November election approaches.
First, in June, a group linked to the Iranian Revolutionary Guard Corps targeted senior U.S. presidential campaign officials using phishing emails — a type of cyber attack often used to gather sensitive information — according to the report, which did not say which campaigns were targeted.
Microsoft said the group disguised the origin of the emails by sending them from the hacked email account of a former senior adviser.
A few days later, the Iranian group tried unsuccessfully to log into the former presidential candidate’s accounts, Microsoft reported, and the company notified those who had been targeted.
In another example, Iranian groups are creating websites posing as U.S.-based news sites to target voters on the political opposition, the report said.
One fake news site targeted at left-leaning readers insults Trump, calling him “crazy” and suggesting he uses drugs, the report said, while another site aimed at appealing to a Republican readership focuses on LGBTQ issues and gender reassignment surgery.
A third example cited by Microsoft found that Iranian groups were posing as US activists and potentially laying the groundwork for influence operations as the election drew near.
Finally, a separate Iranian group compromised accounts belonging to government officials in battleground states in May, the report said.
It is unclear whether the cyberattack was related to election interference efforts.
“Iran has been the victim of numerous aggressive cyber operations targeting its infrastructure, public service centers and industries,” Iran’s U.N. mission said in an emailed statement to The Associated Press.
Iran’s cyber capabilities are defensive and proportionate to the threats it faces. Iran has no intention or plans to launch cyber attacks.
The US presidential elections are an internal matter in which Iran should not interfere.”
As Iran strengthens its cyber influence, Russian-linked actors have also shifted their influence efforts to focus on the U.S. presidential election, while Chinese Communist Party-linked actors are seeking to capitalize on pro-Palestinian university protests and other current events in the U.S. to escalate political tensions in the United States, according to the Microsoft report.
Microsoft said it continues to monitor how foreign adversaries are using generative AI technology.
These increasingly cheap and accessible tools can create realistic looking fake images, photos and videos in seconds, raising concerns among some experts that they could be used as weapons to deceive voters in this election.
The company says many countries are experimenting with using AI in influence operations, but so far, those efforts have not been very effective.
As a result, some actors have “returned to tactics that have proven effective in the past: simple digital manipulation, mischaracterization of content, and the use of trusted labels and logos over disinformation,” the report said.
The Microsoft report echoes recent warnings from U.S. intelligence officials that America’s adversaries appear determined to spread false and inflammatory claims on the internet ahead of the November vote.
Senior intelligence officials said last month that Russia remains the biggest threat when it comes to election disinformation, while there are signs that Iran is expanding its efforts and China is proceeding cautiously ahead of 2024.
The Iranian effort appears aimed at undermining a candidate seen as likely to increase tensions with Tehran, the officials said.
It’s a description that could be applied to the Trump administration, which has terminated the nuclear deal with Iran, reimposed sanctions and ordered the killing of a top Iranian general.
These efforts to expand their influence come at a time of rising tensions between Iran and Israel, which is strongly backed militarily by the United States.
Director of National Intelligence Avril Haines said last month that the Iranian government was covertly supporting American protests against Israel’s war against Hamas in the Gaza Strip.
Haines said groups with ties to Iran were posing as online activists, encouraging protests and providing funding to some of the protest groups.
America’s adversaries, particularly Iran, have a long history of trying to influence American elections.
Intelligence officials said they found that groups with ties to Iran sent emails to Democratic supporters in 2020 threatening to vote for Trump.
