With the 2022 midterms now just days away, there are concerns that foreign actors could be working to undermine the U.S. elections process. This month, the FBI warned that an Iranian government-tied hacker group that previously tried to interfere in the 2020 election is currently active, and could pose a serious threat. The group is believed to operate from the Iranian cybersecurity firm Emennet Pasargad, and the group works at the behest of Tehran.
The group has conducted a number of hack-and-leak cyber operations against Israeli interests, but also hacks organizations and leaks potentially sensitive material online using made-up “hacktivist” personas via social media. It also used many of those same techniques to target U.S. entities during the 2020 Presidential election. The group is believed to be behind a campaign that was meant to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord.
Though Tehran denied involvement in the campaign to influence the outcome of the 2020 election, the U.S. Department of Justice (DOJ) subsequently charged two Iranian nationals for their efforts to compromise voter registration in 11 states. In 2021, the Department of the Treasury also sanctioned the Iranian firm, along with six Iranians affiliated with it.
According to the DOJ, the two individuals, Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian, obtained confidential U.S. voter information from at least one state election website; sent threatening email messages to intimidate and interfere with voters; created and disseminated a video containing disinformation about purported election infrastructure vulnerabilities; attempted to access, without authorization, several states’ voting-related websites; and successfully gained unauthorized access to a U.S. media company’s computer network.
The pair is believed to have carried out their efforts between August and November 2020.
Iran Could Strike Again This Year
The FBI has warned that many of the same techniques employed by Emennet Pasargad’s cyber-enabled information operation that targeted the 2020 US Presidential election could be employed again.
Due to the nature of this threat, the U.S. Department of State’s Diplomatic Security Service’s Reward for Justice program is now offering a reward of up $10 million for information to the identification or location of any foreign person, including a foreign entity, who knowingly engaged or is engaging in interference in U.S. elections, as well as information leading to the prevention, frustration, or favorable resolution of an act of foreign election interference.
Unlike many other hacking groups, those working for Emennet Pasargad seem more about sowing distrust within the general U.S. populace than actually gathering of information for profit.
However, FBI information has indicated that Emennet Pasargad continues to pose a broader cybersecurity threat outside of information operations. Since 2018, hackers working at the firm are believed to have conducted traditional cyber exploitation activity targeting several sectors, including news, shipping, travel (hotels and airlines), oil and petrochemical, financial, and telecommunications, in the United States, Europe, and the Middle East.
Countering the Efforts
Cybersecurity experts are increasingly warning everyone to stay vigilant when responding to emails and comments on social media regarding the upcoming election. Misinformation and disinformation continue to spread online, and everyone is encouraged to check facts before forwarding or sharing rumors about candidates or the election process.
IT departments should also ensure their networks are secured so that hackers can’t exploit these to send the content – making it seem all the more legitimate.
“Considering the tactics used by the Iranians to try and influence American voters, namely spoofing emails to try and intimidate voters, we recommend that companies take some basic cyber hygiene steps to protect their e-mail and domain name service infrastructure,” said Avishai Avivi, CISO at cybersecurity research firm SafeBreach.
“These include implementing DMARC records and DNSSEC,” Avivi told ClearanceJobs via an email. “This will help prevent the malicious actors from using the company’s own infrastructure to generate these attacks. These are simple to implement, and will cost nothing.”