Cyber showdown: Iran's covert battle against Trump in US elections
Republican presidential nominee, former U.S. President Donald Trump, speaks at a campaign rally at the Johnny Mercer Theatre, in Savannah, Georgia, U.S., Sept. 24, 2024. (Getty Images Photo)

The cyberattacks on Republicans' campaigns reveal the efforts of hidden actors seeking to sway the U.S. election results



As the presidential elections approach, the U.S. election process appears to be influenced not only by internal political dynamics but also by external interference. Notably, the assassination attempts against Donald Trump and cyberattacks targeting his campaigns serve as striking examples.

The situation becomes even more paradoxical considering that Iran, reportedly behind these actions, has often been seen as lacking in intelligence capabilities, highlighted by its failure to prevent the assassination of Hamas leader Ismail Haniyeh in the heart of Tehran. This raises the question: How can a regime that has faced derision from its adversaries for over a decade now emerge as a significant threat to the U.S.?

Trump faces cyberattacks

In June 2024, Microsoft revealed that former President Trump's campaign had been the target of cyberattacks. Initially, these attacks received limited attention due to the assassination attempt on Trump on July 13. However, the issue resurfaced on Aug. 9, 2024, when Microsoft’s Threat Analysis Center released a report detailing cyberattacks on both the Biden-Harris and Trump campaigns.

Following this, Trump campaign spokesperson Steven Cheung confirmed that their campaign had been breached, resulting in the theft and distribution of sensitive documents. Cheung specifically blamed Iran, referencing intelligence reports linking the attacks to hacker groups affiliated with the Iranian Revolutionary Guard Corps (IRGC).

Politico had received hacked documents, including research on Trump’s running mate, Ohio Senator James David Vance. Although the campaign accused foreign actors hostile to the U.S., no direct evidence conclusively linked Iran to the hack. The FBI launched an investigation, which coincided with Microsoft's findings that Iranian hackers had targeted U.S. campaigns with spear phishing attacks. Iran has consistently denied involvement.

Methods of the hackers

The primary goal of the purported Iranian-backed cyberattacks is to manipulate the U.S. political system and influence the outcome of the elections. These attacks sought to access sensitive campaign information and spread disinformation, as highlighted in Microsoft’s reports. Notable groups involved include Mint Sandstorm, Peach Sandstorm, APT42 and Storm-2035, which have employed various tactics to achieve their objectives. One key strategy is promoting social polarization through fake news websites, such as "Nio Thinkers" for left-leaning voters with anti-Trump content and "Savannah Times" for right-leaning voters with conservative viewpoints.

Phishing and spear phishing are the primary methods used by these hackers. Phishing involves sending fake emails or messages to trick victims into revealing personal data, while spear phishing is a more targeted approach, using specific information to make the message appear legitimate. APT42, for example, tried to infiltrate the email accounts of campaign staff, including hacking Roger Stone’s account to gain access to other key figures in Trump’s campaign.

Rising concerns

These cyberattacks raise concerns not only about U.S.-Iran relations but also about possible collaboration with Russia and China. Russia’s involvement in the 2016 election was widely publicized, and both intelligence agencies and Microsoft suggest that Russian and Chinese groups are engaging in similar activities.

In response, the U.S. has strengthened its defenses ahead of the 2024 elections, partnering with Microsoft and Google to combat these threats. However, the growing sophistication of AI-driven disinformation campaigns and fake news websites presents challenges for traditional security measures.

With advancing technology, nations increasingly resort to cyber tools rather than direct conflict to achieve their goals. In 2016, Russian-backed groups influenced the election, which raised investment in this field. Iran, following suit, has invested in cyber capabilities, seemingly to sway U.S. election outcomes in its favor or to gather sensitive foreign policy intelligence during campaigns.

Under the Trump administration, the U.S. withdrawal from the nuclear deal, sanctions on Iran, and the assassination of Gen. Qassem Soleimani may have prompted Iran to adopt a retaliatory stance against Trump.

What is the end game?

In light of the available information, a Kamala Harris victory would benefit Iran. Iran and China share aligned interests, while Russia favors a Trump win. These strategic cyberattacks also aim to damage the global standing of the United States by meddling in its internal affairs and weakening confidence in the Western democratic system.

Just as Russian interference in the 2016 election posed a significant threat to U.S. election security, the current cyberattacks allegedly by Iran-backed groups seem to challenge the vulnerabilities of Western democracy.

As cybersecurity grows in importance, it will be crucial in shaping international politics and influencing states' foreign policy strategies.