Associated Incidents
An Iranian hacking group, identified by Microsoft as "Cotton Sandstorm" and linked to Iran's Islamic Revolutionary Guard Corps, is conducting reconnaissance on US election-related websites and media outlets as the upcoming election nears, Microsoft revealed in a blog post on Wednesday.
The group has been observed probing several "election-related websites" in unnamed swing states and scanned vulnerabilities in a US news outlet in May, according to researchers.
The activity is seen as potential preparation for direct influence operations. "Cotton Sandstorm will increase its activity as the election nears given the group's operational tempo and history of election interference," Microsoft researchers stated. The group’s previous efforts to interfere in US elections have raised concerns about a repeat attempt.
In response to these accusations, a spokesperson for Iran’s mission to the United Nations dismissed the allegations as "fundamentally unfounded, and wholly inadmissible," further stating that "Iran neither has any motive nor intent to interfere in the US election."
Cotton Sandstorm, previously known for cyber-enabled influence operations, attempted to sway the 2020 US presidential election by posing as the far-right group "Proud Boys" and threatening Florida voters through emails. The group also released a video, claiming to be hacktivists, showing a probe of an election system, which aimed to create chaos and undermine confidence in the election process.
Although no direct tampering with voting systems occurred in 2020, the group’s goal was to spread confusion and doubt. Following the election, Cotton Sandstorm also launched a campaign encouraging violence against US election officials who dismissed claims of widespread voter fraud.
US federal agencies, including the Office of the Director of National Intelligence, are coordinating efforts to defend the election from foreign interference, though the office did not immediately respond to requests for comment.