25-10-2024
WASHINGTON/ NEW YORK: An Iranian hacking group is actively scouting US election-related websites and American media outlets as Election Day nears, with activity suggesting preparations for more “direct influence operations,” according to a Microsoft blog published on Wednesday.
The hackers dubbed Cotton Sandstorm by Microsoft and linked to Iran’s Islamic Revolutionary Guard Corps performed reconnaissance and limited probing of multiple “election-related websites” in several unnamed battleground states, the report said. In May, they also scanned an unidentified US news outlet to understand its vulnerabilities.
US Vice President Kamala Harris, the Democratic candidate, faces Republican rival Donald Trump in the Nov. 5 presidential election, which polls suggest is an extremely tight race.
“Cotton Sandstorm will increase its activity as the election nears given the group’s operational tempo and history of election interference,” researchers wrote. The development is particularly concerning because of the groups past efforts, they said.
A spokesperson for Iran’s mission to the United Nations said that “such allegations are fundamentally unfounded, and wholly inadmissible.”
“Iran neither has any motive nor intent to interfere in the US election,” the spokesperson said.
In 2020, Cotton Sandstorm launched a different cyber-enabled influence operation shortly before the last presidential election, according to US officials. Posing as the right-wing “Proud Boys,” the hackers sent thousands of emails to Florida residents, threatening them to “vote for Trump or else!”
The group also released a video on social media, purporting to come from activist hackers, where they showed them probing an election system. While that operation never affected individual voting systems, the goal was to cause chaos, confusion and doubt, senior US officials said at the time.
Following the 2020 election, Cotton Sandstorm also ran a separate operation that encouraged violence against US election officials who had denied claims of widespread voter fraud, Microsoft said.
The Office of the Director of National Intelligence, which is coordinating the US federal effort to protect the election from foreign influence, referred Reuters to a past statement that said: “Foreign actors particularly Russia, Iran, and China remain intent on fanning divisive narratives to divide Americans and undermine Americans’ confidence in the US democratic system.”
Government analysts and private sector investigators were able to rapidly attribute to Iranian hackers a wave of thousands of threatening emails aimed at US voters because of mistakes made in a video attached to some of the messages, according to four people familiar with the matter.
Those failures provided a rare opportunity for the US government to identify and publicly announce blame for a malicious cyber operation in a matter of days, something that usually requires months of technical analysis and supporting intelligence.
“Either they made a dumb mistake or wanted to get caught,” said a senior US government official, who asked not to be identified. “We are not concerned about this activity being some kind of false flag due to other supporting evidence. This was Iran.”
Attribution to Iranian hackers does not necessarily mean a group is working at the behest of the government there. Iranian officials denied the US allegations. (Int’l Monitoring Desk)