In the lead-up to the U.S. presidential election on Nov. 5, intelligence officials are sounding the alarm about possible election interference by foreign actors.
The National Intelligence Council released an update on election security on Tuesday, warning Americans that foreign actors—particularly Russia, Iran and China—are likely attempting to interfere in the election by launching disinformation campaigns aimed at creating doubts about the electoral process.
“The IC [Intelligence Community] expects foreign actors to continue to conduct influence operations through inauguration denigrating U.S. democracy, including by calling into question the results of the election,” the release said.
The council also noted that Iran may attempt to incite violence as it did during the 2020 presidential election. “In December 2020, Iran almost certainly was responsible for the creation of a website containing death threats against U.S. election officials.”
As part of its in-depth analysis of election interference, Kharon has highlighted a network of Iranian cyber actors who have attempted to influence the 2024 and 2020 U.S. presidential elections. These hacking groups include Lemon Sandstorm, Peach Sandstorm, Storm-2035, and Sefid Flood, all of which are affiliated with the Iranian government, including the Islamic Revolutionary Guard Corps (IRGC).
According to an August report from the Microsoft Threat Analysis Center, Storm-2035 is attempting to sow discord among the American public by spreading “polarizing messaging” targeted at U.S. “voter groups on opposing ends of the political spectrum… on issues such as the U.S. presidential candidates, LGBTQ rights, and the Israel-Hamas conflict.”
Storm-2035 also operates several websites masquerading as U.S. news outlets with the intention of spreading divisive messages on controversial issues.

Kharon users can explore Storm-2035’s network directly in the ClearView portal.
The Microsoft report also disclosed some of the operations conducted by Sefid Flood. This Iranian cyber actor “specializes in impersonating social and political activist groups” in an effort to “undermine trust in authorities and sow doubt about election integrity.”
The group may also use intimidation and doxing tactics, as well as participate in violent incitement targeting political figures and groups.
Lemon Sandstorm, the other Iranian cyber actor identified in the Microsoft report, is known for its ransomware hack-and-leak operations. The hacking group reportedly accessed a local U.S. election results website in 2020.
According to an August advisory from the Cybersecurity and Infrastructure Security Agency (CISA), Lemon Sandstorm “uses the Iranian company name Danesh Novin Sahand, likely as a cover IT entity for the group’s malicious cyber activities.”
Kharon’s research builds on a recent Treasury designation that sanctioned seven Iranian agents for their role in attempting to interfere in the U.S. election.
The sanctions were part of a “coordinated U.S. government response to Iran’s operations that sought to influence or interfere in the 2024 and 2020 presidential elections.”
“Iranian state-sponsored actors undertook a variety of malicious cyber activities, such as hack-and-leak operations and spear-phishing, in an attempt to undermine confidence in the United States’ election processes and institutions and to interfere with political campaigns,” the Treasury said.
One of the seven individuals who were sanctioned was Masoud Jalili, who, along with IRGC members, “compromised several accounts of officials and advisors to a 2024 presidential campaign.”
In 2022, Jalili participated in malicious cyber operations, including spear-phishing, that targeted a former U.S. government official.
The other agents sanctioned by Treasury include six employees and executives of Emennet Pasargad, an Iranian cybersecurity firm that was sanctioned in 2019 and 2020.
In 2020, the company launched a cyber operation to “intimidate and influence American voters, and to undermine voter confidence and sow discord, in connection with the 2020 U.S. presidential election.”

Kharon users can explore Iran’s extensive cyber network directly in the ClearView portal.