Microsoft says Iranian hackers ‘gearing up’ close to US elections

Maryam Sinaiee

British Iranian journalist and political analyst

The latest Microsoft Threat Analysis Center (MTAC) research related to the US elections released Wednesday says Iran is gearing up for additional influence operations.

“Iranian groups tasked with targeting the US elections may make an effort—as they have in the past—to run influence operations both shortly before and soon after the election by leveraging cyber intrusions from weeks to months prior,” the report said.

On October 14, the report said, an online persona operated by Iran began falsely posing as an American. The persona called on Americans to boycott the elections due to both candidates’ support for Israel’s military operations.

A spokesperson for Iran's mission to the United Nations on Wednesday strongly rejected claims of Iranian interference in the US presidential elections. "Such allegations are fundamentally unfounded and wholly inadmissible," the spokesperson said.

The spokesperson added that "Iran neither has any motive nor intent to interfere in the US election" and contended that the allegations brought against Iran would only cause the US government to be discredited.

Two weeks ahead of the 2020 US elections, an Iranian hacker group called Cotton Sandstorm, also known as Emennet Pasargad, launched its first cyber-enabled influence operations, the Microsoft report said. It performed reconnaissance and limited probing of election-related websites in some swing states in April and reconnaissance of major US media outlets in May.

Cotton Sandstorm is directed by Iran’s Revolutionary Guards (IRGC), the Microsoft report said, adding that the MTAC has not yet observed activity suggesting that the group has launched influence operations targeting the upcoming elections but expects it to increase its activity closer to the elections.

According to the report, the group ran an email campaign in 2020 posing as the right-wing “Proud Boys”, threatening Florida residents to “vote for Trump or else!”.

This, the report said, was followed by a separate post-election operation that called for violence against election officials who claimed the elections were secure or denied claims of widespread fraud.

Senior US officials told Reuters in 2020 that the hacker group’s email campaign did not affect individual voting systems but aimed to create chaos, confusion, and doubt.

US officials also told Reuters that a mistake the hackers made in a video that they attached to some of the emails helped government analysts and private sector investigators to quickly attribute the cyber operations to Iranian hackers.

Microsoft detected Cotton Sandstorm running its last operation targeting Israel’s participation in the Paris Olympics in late July 2024, the MTAC report said.