Iran is striking left and right in an attempt to interfere in the US presidential election in November using slick-looking websites, hacking and phishing attacks.
The aim of the sophisticated campaign, US intelligence and cyber threat experts say, is to foster distrust in America’s democratic system and exploit and deepen social divides.
As the Nov. 5 election nears, Iranian hackers have been accused of targeting the email accounts of Republican candidate, former President Donald Trump, and his Democratic rival, Kamala Harris.
US intelligence reports and researchers say both political campaigns were targeted by phishing attacks carried out by a group with suspected ties to Iran’s Islamic Revolutionary Guard Corps (IRGC), an elite branch of the armed forces.
And experts say an Iranian network called “Storm-2035” runs several fake news sites on the web and social media that use AI-generated content to agitate conservative and liberal dissidents.
“Iran’s primary goal in this space is to sow discord and chaos and undermine the integrity of the United States’ electoral system,” said Simin Kargar, a senior non-resident at the Washington-based Digital Forensic Research Lab (DFRLab).
“If they succeed, even on a very small scale, it would be a vindication of Iran’s long-standing rhetoric that democracy is a ‘flawed Western concept’ and even the US, which often accuses Iran of rigged elections. prone to election-related controversies,” she added in written comments.
At least four”Covert intelligence websites run by Iran masquerading as news outlets” operated by Storm-2035 were identified by the Microsoft Threat Analysis Center (MTAC) as “actively engaging US constituencies on opposite ends of the political spectrum with polarizing reports on issues such as US presidential candidates, LGBTQ rights, and the conflict between Israel and Hamas.”
In an August 9 report, MTAC singled out three of those sites by name — Even Politics (evenpolitics.com), Nio Thinker (niothinker.com) and Savannah Time (savannahtime.com).
While Trump and Harris were in a tight race 11 weeks before the vote, Even Politics published content focusing on the ongoing war in Gaza, alleged threats to democracy and the influence of religious groups. Much of the content on the site appears to be anti-Trump.
The Nio Thinker, which emerged shortly after the Gaza war began in October, has since shifted its focus from that conflict to the US election. Its content caters to a “liberal audience” with “sarcastic, long-winded articles bashing Trump,” according to MTAC, including one calling him “an elephant with opioid pills in MAGA china.”
Hot Button Topics
The site also tracks Harris’ alleged unwavering support for Israel, a bipartisan vice presidential candidate, and stokes the flames on hot-button issues like corporate influence and immigration.
One article, presented as an op-ed, states “Why Harris’s Position on Palestine Cost Her My Vote”. Titled “JD Vance And The Rise Of The Sperm Cups,” the story mocks the Trump running mate for his positioning of “family values,” which he described as a “one-way ticket to the 1950s.” And another, written from the “perspective of an FBI agent,” claimed Harris’ running mate Tim Walz had “longstanding connections” to China and its government.
The third site, Savannah Time, presents itself as originating from the city of Savannah in the key swing state of Georgia. The site, according to Darren Linville, co-director of the Watt Family Innovation Center’s Media Forensics Hub, is clearly intended to appeal to the right, and the stories target Harris and her supporters.
Harris’s economic policies are often in the spotlight of the Savannah Time, with one article describing them as “fiscally reckless crayon economics that would make a drunken sailor blush.” Another accuses her of “dangerously flirting with communist-style price controls.”
Most of the articles published by the three sites are written by “employees,” and artificial intelligence research company Open AI said in an Aug. 16 report that Storm-2035 relied heavily on ChatGPT to generate its content.
Experts suggest that Iran’s approach to influencing the US electoral system in many ways mirrors that of Russia, which employed troll farms during the 2016 presidential election to flood social media with disinformation and divisive content, generally favoring Trump over Democratic nominee Hillary Clinton.
“What we’ve seen on these websites suggests a kind of Russian-style (campaign) where they’ve set up websites that target both left-wing and right-wing communities,” Linvill said.
“(They want to) potentially use these websites to target these communities to spread misinformation and maybe make our politics more extreme than they would otherwise be and facilitate the process of us fighting each other,” he added.
‘Remarkably good’
Linvill also said that Iranian websites are in some ways superior to their Russian counterparts and have improved over the years.
“They’re really remarkably well done. They’re clearly using AI in really interesting ways to create content, but they’re really well put together,” Linvill said.
Iranian efforts to influence the US election process have been observed since 2018, when they were inauthentic personas were used to impersonate candidates for the US House of Representatives and posing as journalists, according to cyber threat specialists Mandiant.
Analysts suggest that the scope of the campaign increased after the assassination of IRGC commander Qassem Soleimani in a US airstrike in Iraq in January 2020 under then-President Trump.
For example, two Iranian nationals have been indicted by the United States for their involvement in a cyber campaign to influence American voters in the 2020 election, which Trump lost to President Joe Biden.
Mandiant noted that Iranian actors sent threatening emails to voters in the United States during the 2020 campaign. Mandiant and other cyber experts also said Iran used media sites like Even Politics to try to influence the 2022 election.
In addition to exploiting media platforms, US intelligence agencies and cyber threat experts say Iran is currently using hacking and phishing attacks in an attempt to disrupt the November presidential vote.
On August 10, the Trump campaign accused the Iranian government of hacking some of its internal communications, prompting a federal investigation.
A joint assessment by three U.S. intelligence agencies released on August 19 confirmed “increasingly aggressive Iranian activity during this election cycle,” including “recently reported activities to compromise former President Trump’s campaign.”
It comes after the US director of national intelligence suggested in July that Tehran’s efforts to influence the election were “probably because Iran’s leaders want to avoid an outcome they believe it would increase tensions with the United States.”
Given the Soleimani assassination, the US unilateral withdrawal from the Iran nuclear deal and the deterioration of relations under the Trump administration, many experts suggest that Tehran would not favor another Trump presidency. Trump’s campaign suggested after the hack, which it blamed on Iran, it was because of past hostility with Tehran.
“Hyper-Polarized Climate”
DFRLab’s Kargar said in written comments that she “has not seen enough evidence to favor one candidate over another.” But Kargar said that “given Trump’s first-term policy toward Iran, it would only make sense that Iran would want to avoid a second Trump term at all costs.”
But even Harris’s campaign was targeted. A joint U.S. intelligence report this month also said it believed that “through social engineering and other efforts, the Iranians sought access to individuals with direct access to presidential campaigns of both political parties.”
And on August 14, Google’s threat analysis group reported that APT42 used phishing campaigns in an attempt to compromise “the personal (email) accounts of individuals associated with President Biden, Vice President Harris, and former President Trump, including current and former government officials and individuals associated with the campaigns.”
Tehran is going after both the Republican and Democratic camps because “Iran is looking for ways to sow discord and drive wedges between different voter communities in a hyper-polarized climate,” Kargar said.
Russia, Kargar added, did the same in 2016.
The bigger question is whether Iran’s campaign had any impact on the already divisive election.
Little is known about the hacking attacks confirmed by US intelligence, although Trump wrote on social media that the hackers were “only able to obtain publicly available information” and US media did not publish documents allegedly from the Trump campaign that were sent anonymously.
In the case of the inauthentic websites run by Iran’s Storm-2035 campaign, Linvill said “no one is talking about them.”
“It seems likely that they were created for some future purpose, to aid some future anti-laundering narrative campaign that has yet to be carried out,” Linvill said.
Such campaigns usually have a very specific goal in mind or a specific story that the actor wants to spread, Livill said, but “we just can’t say what that might be.”
Linvill said he expects that to clear up as the election approaches.