Influence campaigns from Iran, China, Russia ramping up ahead of US election, Microsoft finds

Iranian hackers are gearing up for a potentially major influence operation ahead of the U.S. elections, running parallel to increased election interference efforts from China and Russia, Microsoft said in a report released Wednesday.

The findings corroborate other recent reports from cyber firms and officials that point to months of foreign influence efforts aimed at swaying the U.S. elections. It also indicates that Iran is continuing to stay heavily engaged in this space following early hack and leak operations.

According to the report from Microsoft, an Iranian hacking group known as Cotton Sandstorm plans to “imminently” launch new influence operations targeting the U.S. presidential election, and as part of this effort, the group has been scanning election-related websites for vulnerabilities. This is the same outfit linked to efforts to influence the 2020 election, when it posed as the far-right Proud Boys groups and sent threatening emails to U.S. voters.

The Iranian government was recently linked to a hack and leak operation against Trump’s presidential campaign, sending stolen information to officials on President Joe Biden’s former 2024 campaign, along with multiple media outlets, including POLITICO.

Tehran is not the only government stepping up its interference efforts. Between July and September of this year, the Chinese government-linked influence operation known as “Spamouflage” is said to have “parroted antisemitic messages, amplified accusations of corruption and promoted opposition candidates,” according to the report. Microsoft found that Spamouflage was spreading posts critical of Sen. Marsha Blackburn (R-Tenn.) and Rep. Barry Moore (R-Ala.).

Moore said in a statement “We know that the CCP is antisemitic, so it isn’t surprising that they are targeting me and other politicians who support Israel to try sow division in advance of the most important election in our lifetime.”

“China has made it clear they will use every weapon in their arsenal, including offensive cyber capabilities, to try and destroy democracy across the world,” Moore said. “The United States must be prepared to stand against Chinese aggression and continue to stand with Israel and Taiwan.”

Blackburn said in a separate statement that “Communist China’s threats against me are nothing new, and it’s no wonder they would try and target me again,” stressing that “the CCP will continue to try to carry out their malign attacks against me but nothing will deter me from the mission: breaking China.”

The campaign is not only going after those seeking reelection. Sen. Marco Rubio (R-Fla.), who is not up for reelection until 2028, was also targeted by the Chinese-linked influence efforts. Rubio serves as vice chair of the Senate Intelligence Committee and has backed efforts to prevent the use of American technologies and data by Chinese companies. Microsoft noted in the report that Chinese influence campaigns have targeted Rubio since at least 2022.

“China is becoming increasingly more aggressive and needs to be taken very seriously,” Rubio said in a statement Wednesday in response to Microsoft’s findings. “China’s goal is to shape American opinion on critical issues and target specific candidates, especially those they view as anti-China.”

In addition, Microsoft confirmed in its report findings made public earlier this week that Russian influence group Storm-1516 was behind a fake video where an alleged former student of Democratic vice presidential candidate Minnesota Gov. Tim Walz accused him of sexual assault (disinformation experts say the man in the video was not who he claimed to be). The video, which Microsoft assessed was likely manipulated, gained 5 million views on X in less than 24 hours and also spread on other social media platforms.

Storm-1516 also created and spread a video falsely claiming that Vice President Kamala Harris killed an endangered rhinoceros in Zambia, Microsoft said, a video that was then amplified by Russian media groups RT and Sputnik. In September, Microsoft reported that the same influence group was behind the creation of a fake video showing Harris in a hit-and-run incident.

Other cybersecurity research groups are also sounding the alarm on Russian influence operations. On Wednesday, Recorded Future released a separate report detailing how Russia is “aggressively targeting” the U.S. elections, in particular through the use of AI-generated audio and the spread of fake media websites. In particular, the operation is spreading negative content about Harris, Ukraine and the LGBTQ+ population in the U.S.

All of these findings track with ongoing warnings from top U.S. agencies. Officials from the Office of the Director of National Intelligence told reporters earlier this week that foreign nations are planning to increase influence operations in the next few weeks. Influence efforts are likely to continue after Election Day as well.

“With a particular focus on the 48 hours before and after Election Day, voters, government institutions, candidates, and parties must remain vigilant against deceptive and suspicious activity online,” Clint Watts, general manager of the Microsoft Threat Analysis Center, wrote in a blog post Wednesday.

CORRECTION: A previous version of this story misstated the state where Tim Walz governs. Walz is governor of Minnesota.