Microsoft claims to have found hackers and fake news sites linked to Tehran
Microsoft has warned in a new cyber intelligence report that hackers and fake news sites allegedly linked to Iran may be engaging in malicious activities in the US.
Microsoft’s Threat Analysis Center (MTAC) released a nine-page report on Friday, claiming to have discovered evidence of influence operations targeting Americans, primarily from Iran, but also China and Russia.
“Iranian actors have recently laid the groundwork for influence operations aimed at US audiences and potentially seeking to impact the 2024 US presidential election,” the MTAC stated.
One alleged Iranian network, dubbed Storm-2035, is said to operate four websites posing as news outlets, each catering to a different segment of the US electorate. One of the sites, Savannah Time [sic], focuses on Republican politics, particularly writing about LGBT issues and sex changes.
Another, Nio Thinker, caters to Democrats and posts “sarcastic, long-winded articles” attacking Republican presidential candidate Donald Trump with insults such as “raving mad litigiosaur” [sic] and “opioid-pilled elephant in the MAGA china shop.”
MTAC identified the third outlet in the group as EvenPolitics, while the fourth remains unidentified. The company claims the sites have used AI-enabled services to plagiarize “at least some of their content from US publications.”
In addition to fake news websites, MTAC claims to have identified two Iranian hacker groups linked to the Islamic Revolutionary Guard Corps (IRGC). One, dubbed Mint Sandstorm, attempted to hack a presidential campaign in June by sending “a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.”
Mint Sandstorm “also unsuccessfully attempted to log in to an account belonging to a former presidential candidate” around June 13, MTAC reported. While the group is said to typically engage in espionage, these actions “suggest” their objectives might be election-related, according to MTAC.
Another group “with assessed links” to the IRGC, designated Peach Sandstorm or APT-33, managed to access the account of a county government “in a swing state” that “had undergone a race-related controversy that made national news this year.”
Since 2016, the US government and major tech companies have claimed that Russia and other foreign governments have been carrying out hacking attacks and “influence operations” aimed at undermining American elections. The sole exception was the 2020 vote, which both government agencies and private companies – later discovered to have been – “the most secure in American history.”