Microsoft Corp. researchers have uncovered several Iranian cyber operations designed to influence the U.S. elections.
The company detailed its findings in a report published today. The research was carried out by its MTAC, or Microsoft Threat Analysis Center, unit. MTAC focuses on tracking online influence operations run by state-backed actors.
The cyber campaigns detailed in the report are run by four Iranian groups. Two of the groups focus on stirring controversy and swaying U.S. voters. The other two are seeking to collect intelligence about political campaigns with the goal of influencing the elections.
The first group uncovered by Microsoft’s MTAC unit created a set of fake news websites focused on political topics. One of the websites, called Nio Thinker, targeted left-leaning voters. Another website called the Savannah Time positioned itself as the “trusted source for conservative news in the vibrant city of Savannah.” Microsoft’s researchers determined that the websites included content plagiarized from U.S. publications using artificial intelligence.
MTAC also identified a second Iranian group focused on carrying out influence operations. “We believe this group may be setting itself up for activities that are even more extreme, including intimidation or inciting violence against political figures or groups, with the ultimate goals of inciting chaos, undermining authorities, and sowing doubt about election integrity,” Microsoft’s researchers detailed. The company believes that the group has been been laying the groundwork for this influence campaign since March.
The two other Iranian cyber groups detailed in today’s report have a different goal: collecting intelligence about U.S. political campaigns.
One of those groups recently sent a spear phishing email to a high-ranking official on a presidential campaign. According to MTAC, the message was sent from the compromised email account of a former senior advisor. The message contained a website link that rerouted the user’s traffic through a domain controlled by the hackers.
The second intelligence gathering group identified by Microsoft compromised an “account of a county-level government employee in a swing state.” The company didn’t specify the service in which the compromised account was created. Microsoft says that the breach was part of a broader password spraying attack, which is a type of cyberattack in which a hacker attempts to take over multiple accounts using a single stolen password.
Today’s report comes about five months after Microsoft’s MTAC unit detailed two China-backed disinformation campaigns targeted at voters in the U.S. and abroad. One of the campaigns spread disinformation using a network of social media accounts designed to impersonate U.S. voters. The other influence operation spread fake news about trending topics.