Iranian hackers have probed US election websites for vulnerabilities, Microsoft says

Washington (Reuters): Iranian government-linked hackers have researched and probed election-related websites in multiple US swing states, in a possible effort to discover vulnerabilities that could be used to influence the presidential election, Microsoft said in a report released Wednesday.

Officials from multiple federal agencies are looking closely at the Iranian activity.

The researching of election-related websites took place in April but was only recently discovered by Microsoft analysts. The hackers also “conducted reconnaissance of major U.S. media outlets” in May, according to Microsoft.

US intelligence agencies have assessed that Iran has tried to stoke discord during the 2024 election, in part through hacking activity targeting the campaign of former President Donald Trump and in part by encouraging protests of US policy towards Israel.

Microsoft analysts expect the Iranian hacking group to “increase its activity as the election nears given the group’s operational tempo and history of election interference,” the tech firm said in its report Wednesday.

It’s the latest sign of efforts by multiple Iranian, Russian and Chinese groups to either influence or monitor the US election in the final throes of the presidential campaign.

There is no evidence that the Iranians’ reconnaissance and probing — which typically involves searching websites for vulnerabilities — has escalated to attempted hacks of those websites, sources familiar with the investigation told CNN. The activity does not threaten the integrity of voting, which has multiple safeguards and checks.

But the concern from US officials and private analysts is that this could be yet another foreign-backed effort to amplify concerns in the minds of Americans about voting. Hackers can leak publicly available voter registration data, for example, to try to convince people that they have access to more sensitive election systems.

The news comes a day after US intelligence agencies released an assessment accusing Russian operatives of creating and spreading viral audio content on X that smeared Democratic vice presidential candidate Tim Walz and was amplified by right-wing personalities. US intelligence officials are also concerned that Russia and Iran could use disinformation to try to foment violence in the days and weeks between Election Day and the certification of votes.

One Russian group in September pivoted from Telegram to X, where their manipulated videos attacking Harris have gained more traction, according to Microsoft. One such video used AI to falsely depict Harris making light of one of the assassination attempts on Trump and received tens of thousands of views on X, the report said.

Microsoft analysts call the hacking group that researched election-related websites Cotton Sandstorm and believe it is directed by Iran’s Islamic Revolutionary Guard Corps. The hackers haven’t yet launched an influence operation aimed at the 2024 election, according to Microsoft, but their history is a concern for US officials.

The same Iranian group posed as the far-right Proud Boys group to try to intimidate voters in the 2020 election. In 2020, Iranian hackers also probed election-related websites in multiple states and in one case, accessed voter registration data as part of an attempt to influence and undermine the US presidential election.