Microsoft Warns of Iranian Hackers Targeting U.S. Officials During Presidential Campaign

Microsoft cybersecurity researchers published a report on Friday that said hackers tied to the Iranian government are attacking U.S. officials during the American presidential campaign.

The Microsoft report comes after U.S. intelligence officials said Iran is increasing its use of social media to exacerbate political discord as the election approaches.

Microsoft’s report said Russia is still a major player in “foreign malign influence concerning the 2024 U.S. election,” but Iranian mischief has surged over the past few months. Iran also caused trouble during the past three presidential elections.

“Iran’s operations have been notable and distinguishable from Russian campaigns for appearing later in the election season and employing cyberattacks more geared toward election conduct than swaying voters,” the report observed.

The Microsoft Threat Analysis Center (MTAC) said Russia, Iran, and the other top mischief-maker China have experimented with using generative artificial intelligence (AI) in their influence campaigns, but those cutting-edge techniques seemed to have “little effect,” so they pivoted back to tried-and-true old-school tactics like “simple digital manipulations, mischaracterization of content, and use of trusted labels or logos atop false information.”

One of the AI-driven capers described in Microsoft’s report was Iran creating four phony “news” websites – some leaning left, the others leaning right – and using AI to harvest legitimate news content to stock them with. 

It was not clear what Iran’s hackers hoped to accomplish with this setup, since actual news sites in the United States tend to be rather polarized these days. The examples of Iranian propaganda included in the Microsoft report did not look all that much different from the fare on mainstream-media websites. Presumably Iran thought it could use its phony sites to sow even more discord, but that would be a tall order in 2024.

The Russians, on the other hand, are still remembering to pull the pins out of their information-warfare hand grenades before throwing them. Microsoft provided an example of a fake news report produced by Russia’s Storm-1516 disinformation operation that purportedly showed Ukrainian soldiers burning Donald Trump in effigy.

Iran is reportedly mixing some brute-force cyberattacks with its influence operations. In one notable instance, a hacking group linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) sent a “spear-phishing email” to a “high-ranking official of a presidential campaign.”

Spear-phishing involves sending realistic-looking emails that appear to come from trusted contacts but contain attachments laced with malicious code, or that trick the victim into clicking links leading to compromised websites.

“Another group with assessed links to the IRGC compromised a user account with minimal access permissions at a county-level government,” the report said.

This lower-level breach was part of what MTAC described as a “password spray operation,” essentially a brute-force tactic in which hackers blast away at a range of accounts with commonly used low-security passwords, and sometimes passwords they obtain from other systems through data theft, until they get lucky and penetrate someone’s account by guessing correctly.
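For defenders, the pattern described above (one source failing against many accounts with only a few guesses on each) can be picked out of sign-in logs. The following is an added example, not taken from the Microsoft report or from this article; the log format, thresholds, account names and IP addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp,source_ip,account,result
SAMPLE_LOG = """\
2024-08-01T10:00:05,203.0.113.7,alice,FAIL
2024-08-01T10:01:00,198.51.100.20,bob,FAIL
2024-08-01T10:01:20,198.51.100.20,bob,FAIL
2024-08-01T10:01:45,198.51.100.20,bob,FAIL
2024-08-01T10:02:10,203.0.113.7,bob,FAIL
2024-08-01T10:02:30,198.51.100.20,bob,FAIL
2024-08-01T10:03:00,198.51.100.20,bob,OK
2024-08-01T10:04:00,203.0.113.7,carol,FAIL
2024-08-01T10:06:30,203.0.113.7,dave,FAIL
2024-08-01T10:08:15,203.0.113.7,erin,FAIL
2024-08-01T10:10:40,203.0.113.7,gina,OK
2024-08-01T10:12:00,203.0.113.7,frank,FAIL
"""

def parse(log):
    """Turn CSV lines into time-sorted (time, ip, account, result) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split(",")
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Flag sources failing against many accounts with few tries on each."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide the window
                start += 1
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e[2]] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                # Any success from the same source after the burst began is a likely hit.
                hits = sorted({e[2] for e in evs if e[3] == "OK" and e[0] >= fails[start][0]})
                findings[ip] = {"accounts_tried": len({e[2] for e in fails}),
                                "compromised": hits}
                break
    return findings
```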

“Microsoft Threat Intelligence did not observe any lateral movement or privilege escalation” from this attack, meaning the hackers were unable to penetrate deep into the county system they targeted or compromise other user accounts.

It was difficult for Microsoft to determine the objective of the hackers, although the IRGC-linked group involved – code-named APT-33 or “Peach Sandstorm” – has a history of “strategic intelligence collection” targeting the “satellite, defense, and pharmaceutical sectors,” as well as U.S. government organizations in “swing states.”

“The report does not specify Iran’s intentions besides sowing chaos in the U.S., though U.S. officials have previously hinted that Iran particularly opposes the former president and Republican nominee Donald Trump over his Democratic party rival, Kamala Harris,” the UK Guardian noted after reviewing the Microsoft report.
