Iranian hackers have probed US election websites for vulnerabilities, Microsoft says

By Sean Lyngaas, CNN

(CNN) — Iranian government-linked hackers have researched and probed election-related websites in multiple US swing states, in a possible effort to discover vulnerabilities that could be used to influence the presidential election, Microsoft said in a report released Wednesday.

Officials from multiple federal agencies are looking closely at the Iranian activity, a US official told CNN.

The researching of election-related websites took place in April but was only recently discovered by Microsoft analysts. The hackers also “conducted reconnaissance of major U.S. media outlets” in May, according to Microsoft.

US intelligence agencies have assessed that Iran has tried to stoke discord during the 2024 election, in part through hacking activity targeting the campaign of former President Donald Trump and in part by encouraging protests of US policy towards Israel.

Microsoft analysts expect the Iranian hacking group to “increase its activity as the election nears given the group’s operational tempo and history of election interference,” the tech firm said in its report Wednesday.

It’s the latest sign of efforts by multiple Iranian, Russian and Chinese groups to either influence or monitor the US election in the final throes of the presidential campaign.

There is no evidence that the Iranians’ reconnaissance and probing — which typically involves searching websites for vulnerabilities — has escalated to attempted hacks of those websites, sources familiar with the investigation told CNN. The activity does not threaten the integrity of voting, which has multiple safeguards and checks.

But the concern from US officials and private analysts is that this could be yet another foreign-backed effort to amplify concerns in the minds of Americans about voting. Hackers can leak publicly available voter registration data, for example, to try to convince people that they have access to more sensitive election systems.

The news comes a day after US intelligence agencies released an assessment accusing Russian operatives of creating and spreading viral audio content on X that smeared Democratic vice presidential candidate Tim Walz and was amplified by right-wing personalities. US intelligence officials are also concerned that Russia and Iran could use disinformation to try to foment violence in the days and weeks between Election Day and the certification of votes.

One Russian group in September pivoted from Telegram to X, where their manipulated videos attacking Harris have gained more traction, according to Microsoft. One such video used AI to falsely depict Harris making light of one of the assassination attempts on Trump and received tens of thousands of views on X, the report said.

Microsoft analysts call the hacking group that researched election-related websites Cotton Sandstorm and believe it is directed by Iran’s Islamic Revolutionary Guard Corps. The hackers haven’t yet launched an influence operation aimed at the 2024 election, according to Microsoft, but their history is a concern for US officials.

The same Iranian group posed as the far-right Proud Boys group to try to intimidate voters in the 2020 election. In 2020, Iranian hackers also probed election-related websites in multiple states and in one case, accessed voter registration data as part of an attempt to influence and undermine the US presidential election.

Another IRGC-backed group hacked documents held by Trump’s presidential campaign and leaked them to media outlets this summer.

China has not mounted a concerted effort to influence the presidential election, but has targeted at least 10 congressional, state or local election races with covert social media campaigns, according to US intelligence agencies.

The new Microsoft report shows evidence of Chinese operatives seeking to aggressively denigrate Senate and House candidates with posts on X.

“I agree with the assessment that we should expect to see more out of Iran, even if it’s hapless and ineffective like their 2020 efforts,” Chris Krebs, who was head of the federal Cybersecurity and Infrastructure Security Agency during the 2020 election, told CNN.

“We continue to see — whether it’s the Iranians, Russians, or Chinese — that information operations are more of a nuisance than game changers,” Krebs said. “But they’re cheap, they’re scalable, and there’s not a lot in terms of consequences.”

American voters, Krebs said, “should anticipate a noisy information environment in the coming months and not get caught up in the chaos.”

The-CNN-Wire
™ & © 2024 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.