The company claims to have discovered hackers and fake news sites linked to Tehran
Hackers and fake news sites allegedly linked to Iran might be up to something nefarious in the US, Microsoft has warned in a new cyber intelligence report.
Microsoft’s Threat Analysis Center (MTAC) released a nine-page paper on Friday, claiming to have found traces of influence operations targeting Americans, mainly Iranian but also Chinese and Russian.
“Iranian actors have recently laid the groundwork for influence operations aimed at US audiences and potentially seeking to impact the 2024 US presidential election,” the MTAC said.
One alleged Iranian network, dubbed Storm-2035, is said to operate four websites posing as news outlets, each of which caters to a different part of the US electorate. One of the sites, Savannah Time [sic], focuses on Republican politics, writing about LGBT issues and sex-changes in particular.
Another, Nio Thinker, caters to Democrats and posts “sarcastic, long-winded articles” attacking Republican presidential candidate Donald Trump with insults such as “raving mad litigiosaur” [sic] and “opioid-pilled elephant in the MAGA china shop.”
MTAC named the third outlet in the group as EvenPolitics, while the fourth remained unidentified. The company claims the sites have used AI-enabled services to plagiarize “at least some of their content from US publications.”
In addition to fake news websites, MTAC claims to have identified two Iranian hacker groups linked to the Islamic Revolutionary Guard Corps (IRGC). One, dubbed Mint Sandstorm, tried to hack a presidential campaign in June by sending “a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.”
Mint Sandstorm “also unsuccessfully attempted to log in to an account belonging to a former presidential candidate” around June 13, MTAC said. While the group is said to normally engage in espionage, these actions “suggest” their objectives might be election-related, according to MTAC.
Another group “with assessed links” to IRGC, designated Peach Sandstorm or APT-33, managed to access the account of a county government “in a swing state” that “had undergone a race-related controversy that made national news this year.”
The US government and Big Tech companies have claimed since 2016 that Russia and other foreign governments have been carrying out hacking attacks and “influence operations” with the goal of undermining American elections. The sole exception was the 2020 vote, which both government agencies and private companies – later discovered to have been working together – declared“the most secure in American history.”
