Iran Is Accelerating Cyber Activity That Appears Meant to Influence the US Election, Microsoft Says

Summary:
Iran-linked threat actors are accelerating their malicious online activity intended to influence the United States presidential election by capitalizing on political polarization. Their TTPs include creating fake news websites that target extremists, impersonating U.S. political activists, sending phishing emails that appear to come from former political advisors, and attempting to log into an account belonging to a former presidential candidate, all to stoke division and political tension, especially in swing states where they potentially have the most influence. Examination of webpage source code and of indicators in the articles themselves suggests the sites’ operators are likely using SEO plugins and other generative AI-based tools to create article titles and keywords and to automatically rephrase stolen content in a way that drives search engine traffic to their sites while obscuring the content’s original source. The report does not specifically mention the Iran-sponsored threat actors’ intentions beyond sowing general chaos and possibly seeking retaliation against those involved in the 2020 attack ordered against an Iranian general. The report also reveals how Russia and China are exploiting U.S. political polarization to advance their divisive messaging in a consequential election year. All of America’s adversaries have been attempting to seed the internet with false and incendiary claims with willful determination. The Microsoft report states that as Iran escalates its cyber influence activity, Russia-linked actors have also pivoted their influence campaigns to focus on the U.S. election, while actors linked to the Chinese Communist Party have taken advantage of pro-Palestinian university protests and other current events in the U.S. to try to further incite U.S. political tensions. Microsoft also indicates that it has been monitoring how adversaries are weaponizing generative AI technology to mislead US citizens.
However, based on Microsoft’s observations of foreign experimentation with AI technology in US political influence operations, these efforts have had little impact thus far. According to Microsoft, this has led adversaries to pivot back to proven techniques. U.S. Intelligence confirms that Russia continues to pose the most dangerous and ominous threat regarding election misinformation. Microsoft specifically notes observing activity from four different Iranian threat actors: Sefid Flood, Mint Sandstorm, Peach Sandstorm, and Storm-2035.

Security Officer Comments:
The influence campaign activity of Iranian threat actors recently published by Microsoft in a threat intelligence report highlights their increased cyber-enabled influence activity ahead of the US election. The report underscores a troubling escalation in foreign interference aimed at the upcoming U.S. presidential election, highlighting an aggressive and multifaceted approach mainly by Iranian adversaries, but also by Russia and China. This coordinated effort to exploit political polarization and manipulate public opinion represents a serious threat to the democratic process, especially to the ability of ordinary citizens to discern legitimate election and party platform information. Iran-linked threat actors such as Sefid Flood, Mint Sandstorm, Peach Sandstorm, and Storm-2035 are intensifying their cyber activities with a clear focus on creating chaos and exacerbating existing political divisions within the United States. Their tactics, including the creation of fake news websites targeting extremists, impersonation of U.S. political activists, phishing attacks, and attempts to access sensitive political accounts, are designed to stoke discord and capitalize on the nation’s political fractures to deliberately destabilize the electoral environment. Russia and China are not sitting idly by; their strategies are also evolving in response to the current political landscape. Russia’s focus on election misinformation continues to pose a significant threat, backed by a well-documented history of successful influence campaigns. Adversaries appear to be returning to more traditional techniques, which may reflect a recognition of the limitations or risks associated with AI in the current context. The convergence of these international threats underscores a broader strategic challenge for U.S. cybersecurity and election integrity efforts.
As adversaries refine their approaches and exploit new opportunities, it is crucial for both government and private sector entities to remain agile and informed. Monitoring these threats and enhancing protective measures will be key to mitigating their impact and safeguarding the integrity of the electoral process. The comprehensive approach of these foreign actors necessitates a robust and coordinated response that includes emphasizing employee awareness, especially among political aides and advisors, to preserve democratic institutions and public trust.

Suggested Corrections:
Organizations can make APT groups’ lives more difficult. Here’s how:

  • Defense-in-depth strategy: A comprehensive defense-in-depth strategy is crucial to combat APTs. This includes implementing multiple layers of security controls, such as strong perimeter defenses, network segmentation, endpoint protection, intrusion detection systems, data encryption, access controls, and continuous monitoring for anomalies.
  • Threat intelligence and sharing: Ideally, organizations should actively participate in threat intelligence sharing communities and collaborate with industry peers, government agencies, and security vendors. Sharing information about APTs and their techniques can help detect and mitigate attacks more effectively.
  • Employee education and awareness: Regular security awareness programs, phishing simulations, and training sessions can educate employees about the latest threats, social engineering techniques, and safe computing practices.
  • Incident response and recovery: Despite preventive measures, organizations should have a well-defined incident response plan. This includes incident detection, containment, eradication, and recovery procedures to minimize the impact of APT attacks and restore normal operations.

Link(s):
https://www.securityweek.com/iran-is-accelerating-cyber-activity-that-appears-meant-to-influence-the-us-election-microsoft-says/

https://www.microsoft.com/en-us/sec...-2024-with-cyber-enabled-influence-operations

PDF:
https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdf