By Christopher Bing and A.J. Vicens
(Reuters) – An Iranian hacking group known as Cotton Sandstorm is actively targeting U.S. election-related websites and American media outlets as Election Day approaches. Microsoft’s blog post on Wednesday warned of increased activity from the group, indicating potential preparations for “direct influence operations.”
The hackers, allegedly linked to Iran’s Islamic Revolutionary Guard Corps, have conducted reconnaissance and probing of multiple election-related websites in battleground states, as well as scanning a U.S. news outlet for vulnerabilities. Vice President Kamala Harris and Republican candidate Donald Trump are in a close race for the upcoming presidential election on Nov. 5.
“Cotton Sandstorm is expected to escalate its activities as the election draws closer, based on their operational history and tempo,” researchers stated. The group’s past interference efforts are particularly troubling.
A spokesperson for Iran’s mission to the United Nations denied the allegations, stating that Iran has no motive or intent to interfere in the U.S. election.
In a previous cyber-enabled influence operation in 2020, Cotton Sandstorm posed as the right-wing group “Proud Boys,” sending threatening emails to Florida residents to vote for Trump. While their actions did not impact individual voting systems, they aimed to create chaos and doubt.
After the 2020 election, Cotton Sandstorm reportedly encouraged violence against U.S. election officials who refuted claims of widespread voter fraud. The Office of the Director of National Intelligence highlighted Russia, Iran, and China as foreign actors seeking to sow discord and undermine confidence in the U.S. democratic system.
