As the US presidential election approaches, an Iranian hacking group known as Cotton Sandstorm is actively targeting election-related websites and media outlets in the United States, according to a recent report by Microsoft. Linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), this group has been performing reconnaissance and probing key election systems in multiple states, raising concerns of potential foreign interference.
The report, released on Wednesday, highlights Cotton Sandstorm’s activities in several battleground states, where the group has been assessing vulnerabilities in election infrastructure.
Additionally, in May of this year, the group scanned an unidentified U.S. media outlet, possibly aiming to uncover weaknesses that could be exploited for more direct influence operations.
History of US Presidential Election Interference
This is not the first time Cotton Sandstorm has engaged in such activities. In the 2020 US presidential election, the group was involved in a cyber-influence operation designed to spread disinformation and create chaos. Disguised as members of the right-wing group “Proud Boys,” the hackers sent threatening emails to Florida voters, pressuring them to support former President Donald Trump. Although this campaign did not directly compromise voting systems, its aim was to sow doubt and confusion around the election process.
In the aftermath of the 2020 election, Cotton Sandstorm launched another operation, this time encouraging violence against election officials who had dismissed claims of widespread voter fraud. Such actions further underscored the group’s intent to destabilize the democratic process by undermining public confidence in election outcomes.
Microsoft’s Findings on 2024 Election Threats
In its latest report, Microsoft’s Threat Analysis Center (MTAC) warns that Cotton Sandstorm is ramping up its efforts in the lead-up to the 2024 election. “Cotton Sandstorm will increase its activity as the election nears, given the group’s operational tempo and history of election interference,” Microsoft researchers wrote. This activity is part of a broader campaign by foreign actors, including Russia and China, to influence U.S. politics by spreading divisive content.
U.S. government agencies, including the Office of the Director of National Intelligence (ODNI), have confirmed the ongoing efforts of foreign adversaries to interfere in the US presidential election process. Foreign actors — particularly Russia, Iran, and China — remain intent on fanning divisive narratives to divide Americans and undermine Americans’ confidence in the U.S. democratic system,” ODNI stated in a previous report.
Growing Use of Cyber-Influence Operations
The tactics employed by Cotton Sandstorm appear to be part of a larger strategy by foreign nations to manipulate public perception through disinformation campaigns. According to Microsoft, Iran’s cyber operations have extended beyond just the US presidential election race. The group has launched cyber-attacks against a wide range of targets, including U.S. media outlets, using stolen, non-public information from the Trump campaign to fuel their efforts.
At the same time, Russian cyber actors have shifted their focus towards Democratic candidate Kamala Harris, using AI-generated content to spread false information. In one instance, a video featuring a deepfake of Harris making derogatory comments about Trump circulated online. In another, Harris was falsely accused of illegal activities abroad. These videos, though often low in engagement, reflect Russia’s ongoing attempts to interfere in U.S. elections.
Meanwhile, Chinese actors have focused their influence operations on down-ballot candidates and members of Congress, particularly those with anti-China policies. This includes attacks on several high-profile Republicans, such as Senator Marsha Blackburn and Representative Barry Moore, with attempts to smear their reputations and boost opposition candidates.
Concerns Over Foreign Influence
The increased frequency and sophistication of these foreign influence operations present a significant threat to the integrity of the upcoming US presidential election. Historically, foreign actors have demonstrated a remarkable ability to spread deceptive content rapidly, with the potential to shape public opinion and influence electoral outcomes.
As the election draws nearer, voters and institutions must remain vigilant against online disinformation. Foreign adversaries, particularly those from Russia, Iran, and China, are expected to ramp up their efforts in the final days leading up to November 5, seeking to exploit divisions and create uncertainty around the election results.
Response from Iran and Outlook
A spokesperson for Iran’s mission to the United Nations dismissed Microsoft’s allegations, calling them “fundamentally unfounded and wholly inadmissible.” The spokesperson further asserted that Iran has no intent to interfere in U.S. elections, though U.S. officials remain wary given Cotton Sandstorm’s previous actions.
Despite these denials, U.S. government agencies are taking the threat of foreign interference seriously. Efforts to safeguard election integrity are being coordinated across multiple levels of government, with increased focus on monitoring cyber-influence campaigns and ensuring transparency in the electoral process.
Remaining Vigilant
Microsoft’s MTAC report stresses the importance of early detection and public awareness in countering these influence campaigns. With less than two weeks until Election Day, the group calls for heightened vigilance, particularly during the 48-hour window before and after Election Day when disinformation is likely to peak.
By remaining alert and skeptical of suspicious online content, voters and government institutions can help minimize the impact of foreign interference. Fact-checking and rapid response measures are crucial to maintaining public trust in the democratic process. As the final stretch of the 2024 election approaches, the resilience of the U.S. electoral system will be tested once again by foreign adversaries intent on disrupting the outcome.
Microsoft’s ongoing reports and warnings highlight the growing threat posed by foreign cyber actors, but they also serve as a reminder of the need for collective action to defend the integrity of democratic processes.
