Overview
Russia and Iran have both undertaken cyber influence operations headed into the 2024 presidential election. In our third 2024 U.S. election blog published on August 8, “Iran Targeting 2024 Election,” we detailed how Iranian cyber-enabled influence operations sought to undermine the Republican campaign through targeted hack-and-leak operations, covert social media personas and imposter U.S. news sites utilizing generative AI to connect with American audiences. In this fourth US election report, Microsoft Threat Intelligence observes Russia shifting its influence campaigns from denigrating President Biden to undermining the new Democratic nominee Vice President Harris.
Russian influence of US elections has remained a constant over the last decade, but in the past few months Microsoft Threat Intelligence has observed a shift in the tactics for reaching American audiences amidst a dynamic social media environment and a shifting electoral calculus. On September 4, the U.S. government took an important step to protect against foreign influence in our upcoming election by releasing indictments1 and sanctions2 against Russian influence actors trying to influence the US 2024 election—including ANO Dialog, one of the Russian organizations behind the Russia-affiliated group Microsoft tracks as Ruza Flood (Doppelganger); Russia Today (RT) employees; and cyber hacktivist group RaHDit, which the government says is led by a Federal Security Service (FSB) officer and “disseminate[s] and amplif[ies] propaganda and disinformation from the Kremlin-funded and -directed organization RT.”3
Alongside this significant U.S. government disclosure, Microsoft Threat Intelligence has observed a synchronized shift by three other Russian influence operation actors, Storm-1516, Ruza Flood and Storm-1679, toward maligning the campaign of Vice President Harris. Microsoft Threat Intelligence has observed, in three consecutive U.S. presidential elections, synchronized shifts by all Russian influence actors to focus on denigrating the Democratic candidate in the final 90 days before election day. Microsoft Threat Intelligence assesses this synchronization on themes and messages results from top-down direction from the top of the Kremlin.
Looking ahead to Election Day, a new set of techniques—Russian cyber proxies and their amplifiers—present another, perhaps more pressing threat to the election. We expect that all Russian influence actors outlined in Microsoft Threat Intelligence’s previous election reports as well as this report will continue to spread divisive political content, staged videos, and even AI-enhanced propaganda ahead of the 2024 U.S. presidential election in November. Simultaneously, based upon recent observations as reported on August 8 and MTAC’s analysis of IRGC activity during the 2020 US election, we anticipate that Iranian actors will continue their activity, which may include hacking of Republican campaign targets or influence operations to incite confusion, fear, or intimidation among voters in swing states.
To learn more, read the full report.
Russian influence of US elections has remained a constant over the last decade, but in the past few months Microsoft Threat Intelligence has observed a shift in the tactics for reaching American audiences amidst a dynamic social media environment and a shifting electoral calculus. On September 4, the U.S. government took an important step to protect against foreign influence in our upcoming election by releasing indictments1 and sanctions2 against Russian influence actors trying to influence the US 2024 election—including ANO Dialog, one of the Russian organizations behind the Russia-affiliated group Microsoft tracks as Ruza Flood (Doppelganger); Russia Today (RT) employees; and cyber hacktivist group RaHDit, which the government says is led by a Federal Security Service (FSB) officer and “disseminate[s] and amplif[ies] propaganda and disinformation from the Kremlin-funded and -directed organization RT.”3
Alongside this significant U.S. government disclosure, Microsoft Threat Intelligence has observed a synchronized shift by three other Russian influence operation actors, Storm-1516, Ruza Flood and Storm-1679, toward maligning the campaign of Vice President Harris. Microsoft Threat Intelligence has observed, in three consecutive U.S. presidential elections, synchronized shifts by all Russian influence actors to focus on denigrating the Democratic candidate in the final 90 days before election day. Microsoft Threat Intelligence assesses this synchronization on themes and messages results from top-down direction from the top of the Kremlin.
Looking ahead to Election Day, a new set of techniques—Russian cyber proxies and their amplifiers—present another, perhaps more pressing threat to the election. We expect that all Russian influence actors outlined in Microsoft Threat Intelligence’s previous election reports as well as this report will continue to spread divisive political content, staged videos, and even AI-enhanced propaganda ahead of the 2024 U.S. presidential election in November. Simultaneously, based upon recent observations as reported on August 8 and MTAC’s analysis of IRGC activity during the 2020 US election, we anticipate that Iranian actors will continue their activity, which may include hacking of Republican campaign targets or influence operations to incite confusion, fear, or intimidation among voters in swing states.
To learn more, read the full report.
Follow Microsoft Security