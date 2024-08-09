



Today, we are sharing information about activities we are tracking that increasingly indicate that Iran intends to influence this year’s U.S. presidential election. In recent weeks, groups linked to the Iranian government have stepped up two types of activity. First, they have laid the groundwork for influence campaigns on election-related news stories and begun activating those campaigns in an apparent effort to stir controversy or influence voters, particularly in swing states. Second, they have launched operations that Microsoft says are designed to gain intelligence on political campaigns and enable them to influence elections in the future.

We discuss this activity in a new report we released today, which details this activity and four examples illuminate what we can increasingly expect from Iran as we approach November.

An Iranian group has launched underground news sites targeting groups of American voters from opposing political groups. One site, called Nio Thinker, is aimed at a left-leaning audience and insults former President Donald Trump, calling him an opioid-addled bull in a MAGA china shop and a raving litigator. Another, called Savannah Time, claims to be a trusted source of conservative news in the vibrant city of Savannah and focuses on topics such as LGBTQ+ issues and gender reassignment. Evidence we found suggests that the sites are using AI-powered services to plagiarize at least some of their content from American publications.

Since March, another Iranian group has been laying the groundwork for U.S.-led influence operations. We believe this group may engage in even more extreme activities, including intimidation or incitement to violence against political figures or groups, with the ultimate goal of causing chaos, undermining authorities, and casting doubt on the integrity of the elections.

In June, another Iranian group, this time linked to the Islamic Revolutionary Guard Corps (IRGC), sent a spear phishing email to a senior presidential campaign official from the compromised email account of a former senior adviser. The email contained a link that redirected traffic to a domain controlled by the group before redirecting it to the website in the provided link. A few days after this activity, the same group unsuccessfully attempted to log into the account of a former presidential candidate. We have since notified the targeted individuals.

A fourth Iranian group compromised the account of a county government employee in a key state. The compromise was part of a larger password spraying operation, and Microsoft Threat Intelligence did not observe that the actor gained additional access beyond the single account, making it difficult to discern the group’s ultimate goals. Since early 2023, the group’s operations have focused on strategic intelligence gathering, particularly in the satellite, defense, and healthcare sectors, with a focus on U.S. government organizations, often in key states.

Today’s Microsoft Threat Intelligence report comes from the Microsoft Threat Analysis Center, or MTAC, which tracks influence operations by specific nation-state groups around the world. MTAC regularly tracks threats to elections as part of Microsoft’s broader work on Democracy Forward and builds on the team’s work tracking threats to recent elections in India, the United Kingdom, and France. Today’s update also includes activity we’ve observed from actors advancing the geopolitical goals of Russia and China, each to varying degrees of effectiveness.

We share information like this so that voters, government institutions, candidates, parties, and others can be informed about influence campaigns and protect themselves from threats. We also trained candidates and parties involved in elections this year, building on our longstanding offerings, like AccountGuard. Finally, Microsoft will not endorse any candidate or political party. Our goal in publishing these reports is to highlight the importance of combating election deepfakes and to promote education and learning about potential foreign interference.

