WASHINGTON (AP) — With less than three months before the U.S. election, is intensifying its efforts to meddle in American politics, U.S. officials and private cybersecurity firms say, with the СƵ only the latest and most brazen example.
Iran has long been described as a “chaos agent” when it comes to cyberattacks and disinformation campaigns and in recent months groups linked to the government in Tehran have covertly encouraged protests over , impersonated American activists and created networks of fake news websites and social media accounts primed to spread false and misleading information to audiences in the U.S.
While Russia and China remain bigger cyber threats against the U.S., experts and intelligence officials say Iran's increasingly aggressive stance marks a significant escalation of efforts to confuse, deceive and frighten American voters ahead of the election.
The pace will likely continue to increase as the election nears and America’s adversaries exploit the internet and to sow discord and confusion.
“We’re starting to really see that uptick and it makes sense, 90 days out from the election,” said Sean Minor, a former information warfare expert for the U.S. Army who now analyzes online threats for the cybersecurity firm Recorded Future, which has seen a sharp increase in cyber operations from Iran and other nations. “As we get closer, we suspect that these networks will get more aggressive.”
The FBI is investigating the suspected hack of the Trump campaign as well as efforts to infiltrate the campaign of President Joe Biden, which became Vice President Kamala Harris' campaign when Biden . Trump's campaign announced Saturday that someone illegally accessed and retrieved internal documents, later . The campaign blamed Iran, noting a recent Microsoft report revealing an attempt by Iranian military intelligence to hack into the systems of one of the presidential campaigns.
“A lot of people think it was Iran. Probably was,” Trump said Tuesday on Univision before shrugging off the value of the leaked material. “I think it’s pretty boring information.”
Iran has denied and said it has no interest in meddling with U.S. politics.
That denial is disputed by U.S. intelligence officials and private cybersecurity firms who have linked Iran's government and military to several recent campaigns targeting the U.S., saying they reflect Iran's growing capabilities and its increasing willingness to use them.
On Wednesday Google announced it had uncovered a group linked to Iran's Revolutionary Guard that it said had tried to infiltrate the personal email accounts of roughly a dozen people linked to Biden and Trump since May.
The company, which contacted law enforcement with its suspicions, said the group is still targeting people associated with Biden, Trump and Harris. It wasn't clear whether the network identified by Google was connected to the attempt that Trump and Microsoft reported, or were part of a second attempt to infiltrate the campaign's systems.
Iran has a few different motives in seeking to influence U.S. elections, intelligence officials and cybersecurity analysts say. The country seeks to spread confusion and increase polarization in the U.S. while undermining support for Israel. Iran also aims to hurt candidates that it believes would increase tension between Washington and Tehran.
That’s a description that fits Trump, whose administration , reimposed sanctions and ordered the , an act that prompted Iran’s leaders to .
The two leaders of the Senate intelligence committee issued a joint letter on Wednesday warning Tehran and other governments hostile to the U.S. that attempts to deceive Americans or disrupt the election will not be tolerated.
“There will be consequences to interfering in the American democratic process,” wrote the committee’s chairman, Democratic Sen. Mark Warner of Virginia, along with Republican Sen. Marco Rubio of Florida, the vice chairman.
In 2021, federal authorities nationals with attempting to interfere with the election the year before. As part of the plot, the men wrote emails claiming to be members of the far-right Proud Boys in which they threatened Democratic voters with violence.
Last month, Director of National Intelligence Avril Haines said against Israel’s war against Hamas in Gaza. Groups linked to Iran’s government also posed as online activists, encouraged and provided financial support to some protest groups, Haines said.
Recent reports from and Recorded Future have also linked Iran’s government to networks of fake news websites and social media accounts posing as Americans. The networks were discovered before they gained much influence and analysts say they may have been created ahead of time, to be activated in the weeks immediately before the election.
The final weeks before an election may be the most dangerous when it comes to foreign efforts to impact voting. That's when voters pay the most attention to politics and when false claims about candidates or voting can do the most damage.
So-called ‘hack-and-leak’ attacks like the one reported by Trump's campaign involve a hacker obtaining sensitive information from a private network and then releasing it, either to select individuals, the news media or to the public. Such attacks not only expose confidential information but can also raise questions about cybersecurity and the vulnerability of critical networks and systems.
Especially concerning for elections, authorities say, would be an attack targeting a state or local election office that reveals sensitive information or disables election operations. Such an incursion could undermine trust in voting, even if the information exposed is worthless. Experts refer to this last possibility as a “perception hack,” when hackers steal information not because of its value, but because they want to flaunt their capabilities while spreading fear and confusion among their adversaries.
“That can actually be more of a threat — the spectacle, the marketing this gives foreign adversaries — than the actual hack,” said Gavin Wilde, a senior fellow at the Carnegie Endowment for International Peace and former National Security Council analyst who specializes in cyber threats.
In 2016, Russian hackers , ultimately obtaining and releasing some of the campaign's most protected information in a hack-and-leak that upended the campaign in its final weeks.
Recent advances in artificial intelligence have made it easier than ever to create and spread disinformation, including lifelike video and audio allowing hackers to impersonate someone and gain access to their organization's systems. Nevertheless, the alleged hack of the Trump campaign reportedly involved much simpler techniques: someone gained access to an email account that lacked sufficient security protections.
While people and organizations can take steps to minimize their vulnerability to hacks, nothing can eliminate the risk entirely, Wilde said, or completely reduce the likelihood that foreign adversaries will mount attacks on campaigns.
“The tax we pay for СƵ a digital society is that these hacks and leaks are unavoidable," he said. “Whether you're a business, a campaign or a government.”
__
Associated Press writer Ali Swenson contributed to this report from New York.
David Klepper, The Associated Press