According to a blog post by Microsoft published on Wednesday, an Iranian hacking group known as Cotton Sandstorm is intensifying its reconnaissance activities on U.S. election-related websites and American media outlets as the election date approaches. Researchers warn that this uptick in activity may signal preparations for more direct influence operations. Linked to Iran’s Islamic Revolutionary Guard Corps, the group has reportedly conducted probing scans of various election-related websites in several key swing states and assessed an unidentified U.S. news outlet for potential vulnerabilities. The researchers anticipate that Cotton Sandstorm’s activities will escalate as the elections draw nearer, reflecting the group’s established operational patterns and history of meddling in elections.
In response to the allegations, a spokesperson for Iran’s mission to the United Nations dismissed the claims as “fundamentally unfounded and wholly inadmissible,” asserting that Iran has no intention or motive to interfere in U.S. elections. This denial comes in the context of Cotton Sandstorm’s previous actions; during the 2020 presidential election, the group executed a cyber-enabled influence operation that involved impersonating the right-wing extremist group “Proud Boys.” They sent out thousands of intimidating emails to voters in Florida, coercing them to “vote for Trump or else!”
Additionally, the group circulated a video on social media, purportedly from hacktivists, showcasing their attempts to breach election systems. While that particular operation did not compromise actual voting mechanisms, U.S. officials noted that its aim was to sow chaos, confusion, and doubt about the electoral process. Following the 2020 election, Cotton Sandstorm also engaged in separate activities that incited violence against election officials who had publicly refuted claims of widespread voter fraud, according to Microsoft’s findings.
The Office of the Director of National Intelligence, which is tasked with coordinating the federal response to foreign influence in elections, has not yet commented on these developments. Cotton Sandstorm’s actions raise significant concerns about the security and integrity of upcoming U.S. elections, particularly given the group’s history and the sophistication of its cyber capabilities. The potential for misinformation and disruptive tactics underscores the need for vigilance as election day approaches, emphasizing the ongoing challenges posed by foreign actors in the digital space.