Iran is striking out left and right in an attempt to interfere with the U.S. presidential election in November with the help of slick-looking websites, hackers, and phishing attacks.
The objective of the sophisticated campaign, U.S. intelligence and cyberthreat experts say, is to fuel distrust in the U.S. democratic system and to exploit and heighten social divisions.
As the November 5 election nears, Iranian hackers have been accused of targeting the e-mail accounts of both the Republican candidate, former President Donald Trump, and his Democratic rival, Kamala Harris.
U.S. intelligence assessments and researchers say both political campaigns have been targeted by phishing attacks carried out by a group with suspected ties to Iran's Islamic Revolutionary Guards Corps (IRGC), the elite branch of the armed forces.
And experts say an Iranian network dubbed "Storm-2035" operates multiple inauthentic news sites on the web and social media that use AI-generated content to agitate conservative and liberal dissidence.
"Iran’s main goal in this space is to sow discord and chaos and to undermine the integrity of the United States' electoral system," said Simin Kargar, a senior nonresident fellow at the Washington-based Digital Forensic Research Lab (DFRLab).
"If they can pull this off, even at a very small scale, it would be a testament to Iran’s long-held rhetoric that democracy is a 'flawed Western concept' and even the U.S., which has often accused Iran of rigged elections, is susceptible to election-related controversies," she added in written comments.
At least four "Iran-run covert news sites masquerading as news outlets" operated by Storm-2035 have been identified by the Microsoft Threat Analysis Center (MTAC) as "actively engaging U.S. voter groups on opposing ends of the political spectrum with polarizing messaging on issues such as the U.S. presidential candidates, LGBTQ rights, and the Israel-Hamas conflict."
In an August 9 report, the MTAC singled out three of the sites by name: Even Politics (evenpolitics.com), Nio Thinker (niothinker.com), and Savannah Time (savannahtime.com).
With Trump and Harris in a tight race 11 weeks before the vote, Even Politics was publishing content focused on the ongoing war in Gaza, alleged threats against democracy, and the influence of religious groups. Much of the content on the site appeared to be steered against Trump.
Nio Thinker, which emerged shortly after the beginning of the Gaza war in October, has since shifted its focus from that conflict to the U.S. election. Its content caters to "liberal audiences" with "sarcastic, long-winded articles insulting Trump," according to the MTAC, including one calling him an "opioid-pilled elephant in the MAGA china shop."
Hot-Button Topics
The site also goes after Harris's alleged unwavering support for Israel and the vice-presidential nominees for both parties, and stokes the flames on hot-button topics like corporate influence and immigration.
One article presented as an op-ed lays out "Why Harris's Stance On Palestine Cost Her My Vote." A story titled "J.D. Vance And The Rise Of The Sperm Cups" mocks Trump's running mate over his "family values" positioning, which it described as a "one-way ticket back to the 1950s." And another written from "an FBI agent's perspective" alleged that Harris's running mate, Tim Walz, has a "'longstanding connection' to China and its government."
The third site, Savannah Time, presents itself as originating from the city of Savannah in the key swing state of Georgia. That site, according to Darren Linvill, co-director of the Watt Family Innovation Center Media Forensics Hub, is clearly intended to appeal to the right, with stories bashing Harris and her supporters.
Harris's economic policies are often in the crosshairs of Savannah Time, with one article describing them as "fiscally reckless crayon economics that would make even a drunken sailor blush." Another accuses her of "a dangerous flirtation with communist-style price controls."
Most of the articles published by the three sites are written by "staff," and the OpenAI artificial intelligence research company said in an August 16 report that Storm-2035 relied heavily on ChatGPT to generate its content.
Experts suggest that in many ways Iran's approach to influencing the U.S. electoral system mirrors that of Russia, which employed troll farms to flood social media with disinformation and divisive content during the 2016 presidential election, broadly favoring Trump over Democratic candidate Hillary Clinton.
"What we've seen from these websites suggests a sort of Russian-style [campaign], where they have set up websites that are targeting communities on both the left and the right," Linvill said.
"[They want] to potentially use those websites to target these communities to spread disinformation and perhaps make our politics more extreme than they would have been otherwise and facilitate the process of us fighting amongst ourselves," he added.
'Remarkably Well Done'
Linvill also said the Iranian websites in some ways surpass their Russian counterparts, and have improved over the years.
"They're really remarkably well done. They clearly use AI in really interesting ways to create their content, but they're really well put together," Linvill said.
Iranian efforts to influence the U.S. electoral process have been observed since as early as 2018, when inauthentic personas were used to impersonate candidates for the U.S. House of Representatives and to pose as journalists, according to the cyberthreat intelligence specialists Mandiant.
Analysts suggest that the campaign increased in scope following the assassination of IRGC commander Qasem Soleimani in a U.S. air strike in Iraq in January 2020 under then-President Trump.
Two Iranian nationals, for example, were charged by the United States for their involvement in a cyberenabled campaign to influence U.S. voters in the 2020 election, which Trump lost to President Joe Biden.
Mandiant noted that Iranian actors sent threatening e-mails to voters in the United States during the 2020 campaign. Mandiant and other cyberexperts also said that Iran used media sites like Even Politics to attempt to influence the 2022 midterm elections.
Aside from the use of media platforms, U.S. intelligence agencies and cyberthreat experts say that Iran is currently making use of hacking and phishing attacks in an attempt to disrupt the November presidential vote.
The Trump campaign on August 10 blamed the Iranian government for a hack of some of its internal communications, prompting a federal investigation.
A joint assessment by three U.S. intelligence bodies released on August 19 confirmed "increasingly aggressive Iranian activity during this election cycle," including the "recently reported activities to compromise former President Trump’s campaign."
This came after the U.S. director of national intelligence in July suggested that Tehran's efforts to influence the election were "probably because Iranian leaders want to avoid an outcome they perceive would increase tensions with the United States."
Considering the assassination of Soleimani, the unilateral U.S. withdrawal from the nuclear accord with Iran, and the souring of relations under the Trump administration, many experts suggest that Tehran would not favor another Trump presidency. The Trump campaign, following the hacking it blamed on Iran, suggested that it was due to past hostilities with Tehran.
'Hyper-Polarized Climate'
Kargar of DFRLab said in written comments that she had not "seen enough evidence on favoring one candidate over another." But Kargar said that "given Trump's first term policies vis-a-vis Iran, it would only make sense that Iran would want to avoid a second Trump term at any cost."
But Harris's campaign has also been targeted. The joint U.S. intelligence report this month also said that it was confident that "the Iranians have through social engineering and other efforts sought access to individuals with direct access to the presidential campaigns of both political parties."
And a Google threat analysis group on August 14 said that APT42 had used phishing campaigns in an attempt to compromise "the personal [e-mail] accounts of individuals affiliated with President Biden, Vice President Harris, and former President Trump, including current and former government officials and individuals associated with the campaigns."
Tehran is going after both the Republican and the Democratic camps because "Iran is looking for ways to sow discord and drive wedges between different communities of voters in a hyper-polarized climate," Kargar said.
Russia, Kargar added, did the same in 2016.
The bigger question is whether Iran's campaign has had any impact in an election that is already divisive on its own.
Little is known about the hacking attacks confirmed by U.S. intelligence, although Trump wrote on social media that the hackers were "only able to get publicly available information" and U.S. media did not publish documents purportedly from within Trump's campaign that were sent anonymously.
In the case of the inauthentic websites operated by Iran's Storm-2035 campaign, Linvill said that "nobody's talking about them."
"It seems likely that they had been set up for some future purpose to help some future narrative laundering campaign that hasn't been undertaken yet," Linvill said.
Such campaigns usually have a very specific goal in mind or a specific story that the actor wants to spread, Linvill said, but "we just can't say what that might be."
Linvill said he expects that to be cleared up as the election gets closer.