How Adversaries Try to Interfere with the U.S. Election

Oct 14, 2024

The year 2024 is the biggest election year in modern history, with over 60 countries representing around a quarter of the world's population holding national elections. While the outcomes of many of these elections have shaped and will shape domestic, regional and global geopolitics, arguably none are likely to be as consequential as the U.S. presidential election, set to take place in November 2024. Amid a period of heightened global instability — and as it is thought to be the world’s foremost and sole widely undisputed superpower — the outcome of this election will determine the nature of U.S. global foreign policy that undoubtedly will be critical in influencing the trajectory of current and possible future regional conflicts across Europe, the Middle East and Asia.

With potentially so much at stake, authoritarian states such as China, Iran and Russia — which are united in a common goal to establish a multipolar global order — have demonstrated a vested interest in interfering with and influencing the outcome of the U.S. election in favor of their preferred candidate that would aid in advancing their unique strategic national interests. The risks from each of these major players are not uniform, however.

According to the U.S. intelligence community, Russia has attempted to use a variety of cyber techniques to influence the outcome of elections in the U.S. since at least 2015; there is less evidence against China and Iran to suggest such a prolonged interest in the same. In early 2024, the U.S. Office of the Director of National Intelligence (ODNI) warned that Russia would attempt to undermine the U.S.’s global standing and sow domestic discord among U.S. voters, primarily to impact Western support for Ukraine in ways that support the Kremlin’s foreign policy objectives. With so much at stake in determining the potential outcomes of the Russia-Ukraine war — now in its third year — the Kremlin, in some respects, seems increasingly more brazen and willing to devote significant resources to influencing the outcome of the 2024 election.

Meanwhile, Iran likely would prefer a Democratic candidate victory over Republican candidate and former U.S. President Donald Trump. However, Iran’s more limited resources mean that it likely is more focused on sowing discord among U.S. voters to cast doubt on the legitimacy of the election rather than attempting to deliver victory for one candidate over the other.

At the same time, China has no discernable preference for one particular candidate. Instead, it seeks to shape the information environment to encourage candidates to support economic and trade policies that are less harmful to Chinese dominance of certain sectors, while simultaneously seeking to maintain its access to U.S. technologies and data.

Significant techniques, technologies

Artificial intelligence

Russia is by far the most mature and prolific example of operationalizing artificial intelligence (AI) capabilities to interfere in the U.S. presidential election. According to ODNI, Russian threat actors have produced the greatest volume of AI-generated content, including text, images, audio and video. However, their efforts appear to have been less impactful than many feared, and the degree to which this content is disseminated and viewed online varies widely.

The Russian threat group Storm-1679’s AI-generated videos advanced conspiracy theories about Democratic candidate Vice President Kamala Harris and her family, but these did not seem to achieve significant popularity. In addition, there is an observable preference for Russia to boost Trump’s campaign but denigrate Harris’. Microsoft’s Threat Analysis Center (MTAC) also listed the Volga Flood aka Rybar group as being among the leading Russian actors that leverage AI to scale its operations.

China also uses AI capabilities in its efforts to shape discourse around global events that may affect the U.S. election, albeit at a smaller scale. Beijing mostly has used AI to expand the reach of its covert influence campaigns, minimizing the resources needed; for example, the use of AI has reduced or obviated the need for human beings working in APTs to amplify messaging. In at least one instance, China engaged an unnamed China-based technology company to create convincing online content tailored to a U.S. audience.

In August 2024, researchers uncovered the Green Cicada Network, an AI large language model (LLM)-based system controlled and coordinated by a former Tsinghua University student who subsequently was employed by a Beijing-based AI company. Notably, Tsinghua is closely linked to China’s People’s Liberation Army (PLA) and intelligence agencies. With at least 5,000 inauthentic accounts, the operation engaged in divisive political discourse on U.S. political and cultural issues. On some occasions, the Green Cicada Network spread contentious messages on geopolitical flashpoints in Australia, India, Japan, the U.K. and Western Europe. At the time of writing, the network was still in the experimental phase and had limited reach and effect in malign political influence.

U.S. officials also have claimed that Iran has been observed using AI techniques to deliver information operations targeting the U.S. presidential election. However, Iran’s ability to harness AI is at a far less mature development stage and is more likely to be a major concern in the 2028 presidential election than in 2024.

Traditional information operations

By far the most resource-intensive but also most common form of influence operation designed to affect the U.S. presidential election is the traditional information operation. Through this tactic, threat actors create numerous social media accounts under fake personas — normally purporting to be average American citizens — to shape discourse around issues linked to the election. These operations typically combine disinformation and misinformation techniques to muddy the waters and make it difficult to definitively prove or disprove the veracity of the published content.

Textual content still constitutes the majority of content published for this purpose. The Chinese campaign Spamouflage aka Taizi Flood used at least 15 fake accounts on X, formerly Twitter, to pose as students participating in pro-Palestine protests at U.S. universities. But the more impactful effort linked to China in this regard was by the threat actor Storm-1852, who published short-form video content in support of Trump. This content usually mocked U.S. President Joe Biden or questioned his abilities to properly fulfill his role. Russian threat groups Doppelganger and Storm-1516 are also prolific in this space.

Phishing, espionage

Russian and Iranian threat groups both make frequent and effective use of phishing and spear-phishing tactics to gain a presence on a target’s device or network. They may then publish data stolen from the compromised device — a hack-and-leak operation — or simply maintain a presence to better understand the development of an election campaign. The Russian group Volga Flood is known to disseminate information obtained by other Russian groups such as RaHDit.

In August 2024, the Iranian threat group Mint Sandstorm aka APT42 was able to gain a presence on one or more devices used by individuals working on the Trump campaign. The group also was observed attempting to gain a presence that would give it insights into the Harris campaign. Earlier in the summer, Mint Sandstorm emailed documents from the Trump campaign to the Biden campaign, but the Biden campaign reportedly refrained from publishing or making use of the documents.

Shared traits

Although the manifestations of Chinese, Iranian and Russian influence operations differ, there are common traits seen in all three campaigns, which underscore the point that for these three countries the question of who occupies the White House in January 2025 is one of national security, rather than a mere opportunity to flaunt their capabilities. Campaigns from the three countries are strongly linked to the respective nations’ intelligence and security apparatuses, including:

  • The Chinese AI-powered Green Cicada Network has close ties to Tsinghua University, which itself has close ties to the PLA and Chinese intelligence agencies.

  • Hack-and-leak operations targeting both presidential candidates were attributed to Mint Sandstorm — linked to the Islamic Revolutionary Guard Corps (IRGC) — and two other Iran-affiliated groups Peach Sandstorm and Sefid Flood were linked to efforts to sow uncertainty over the health and legitimacy of the electoral process.

  • Russian groups were linked to a number of elements within the state apparatus, including the Presidential Executive Office within the Russian Presidential Organization, as well as to the Federal Security Service (FSB).

U.S. response

Since 2023, U.S. security, intelligence and law enforcement organizations have warned of attempts by China, Iran and Russia to influence the 2024 presidential election. A steady flow of announcements by organizations such as ODNI and the U.S. FBI confirmed such efforts are indeed underway. In addition to urging the owners of social media platforms such as Meta and X, formerly Twitter, to better detect and remove fake accounts, disinformation and misinformation, the U.S. government has sought to pursue perpetrators and prevent information operations targeting the election through judicial means.

Indictments, sanctions

The U.S. Department of Justice (DOJ) has unsealed a number of indictments against Russian and Iranian individuals assessed to be involved in influence operations targeting U.S. democracy and the U.S. Treasury has sanctioned individuals for the same reason. At the time of writing, no fewer than 10 Iranians have been indicted for attempting to interfere with the elections, and at least 10 Russians have been indicted for the same reason. A number of major Russian media organizations have been designated “foreign missions,” which requires them to give details on their personnel to the U.S. government.

Outlook, assessment

China

Generative AI played a major role in the CCP’s covert influence operations against the U.S. While these campaigns demonstrated a higher degree of sophistication — in particular, more compelling online personas created and managed by the Chinese propaganda arm — they generally still lacked conviction and failed to generate a significant number of views or discussions online. Therefore, we assess China’s involvement in the upcoming election as moderate.

In past U.S. election cycles, Beijing actively promoted specific pro-China candidates and sought to discredit those perceived to be opposing its interests. However, in 2024, China’s interference in the U.S. presidential election has been subdued compared to other foreign adversaries like Russia and Iran. This is likely because, despite heightened China-U.S. tensions, the outcome of the presidential election will probably not drastically improve relations.

Be it a Trump or Harris victory, the incumbent administration highly likely will continue to impose new tariffs and export controls on key sectors, including manufacturing and technology. It also is probable that either new president will reinforce efforts to disengage with China in its supply chains and capital markets, redirecting offshore operations to other regions such as Southeast Asia, India and Europe.

For the rest of 2024, China almost certainly will focus on preparing to meet the challenges that would come with the new U.S. administration. Ensuring that a trade war with the U.S. will not break out, maintaining stable relations and improving intergovernmental and inter-military communication likely will be Beijing’s top priorities. For example, the CCP could pledge more investments and job creation in the U.S. market to dull public calls for anti-China policies.

In the next six to 12 months, resiliency — rather than growth — highly likely will be the main goal for China. It will continue to adjust its strategy based on the strengths and weaknesses of the new U.S. administration. Beijing likely will adopt a whole-country approach — coordinating with economic stakeholders, the military and technology leaders — to counter Washington’s containment strategy. In addition, the CCP almost certainly will mobilize its offensive cyber intelligence apparatus to force access to U.S. technologies and data that can be used commercially or in the military.

Iran

Iran likely will not be daunted by its lack of success or by the uncovering of its operations by U.S. intelligence, security and law enforcement organizations. It likely will commit more resources to interference as Election Day draws closer. Iran likely will not believe that its campaigns can persuade large numbers of voters to switch their allegiance, and may instead focus on key counties in swing states closer to Election Day to make best use of its relatively limited resources.

The media attention generated by U.S. intelligence community statements about Iran’s attempts to interfere in the presidential election almost certainly imposes some costs on Iran in terms of the need to provision new infrastructure to attempt to evade further scrutiny. However, some elements within Iran’s state security apparatus likely view the revelations as useful propaganda that bolsters Iran’s image as a credible cyber threat.

Russia

As seen in previous election cycles, the efforts undertaken by Russian influence actors signal that the Kremlin has an obvious preference for Trump assuming office again in 2025. This almost certainly is a result of his personal and political views regarding the Russia-Ukraine war. Although Trump has not formally laid out his plans to end the war, his statements to date imply a more favorable outcome for Russia — likely meaning Ukraine is forced to cede territory and not join NATO, which is in line with Putin's maximalist demands.

The extensive involvement of Russian-backed APTs in prosecuting the Ukraine war highly likely accounts for the notable lack of reported activity conducted by them against the U.S. election, political parties and candidates. Instead, Putin, via the Presidential Administration, likely calculated that a more effective strategy would be to use more deniable means to influence political and social discourse through the vast array of social media platforms that are heavily relied upon for digesting daily information in Western societies.

Despite several public disclosures, operational disruptions, indictments and sanctions, the Kremlin almost certainly will not be deterred into reducing or ceasing these operations. Instead, Russia likely will seek to increase these efforts right up to Election Day. Regardless of the election's outcome, Russia highly likely will seek to continue such operations in the immediate aftermath, with a view of capitalizing on political or social discontent surrounding the outcome and further undermining public trust in U.S. government institutions.

This report is part of Intel 471’s Cyber Geopolitical Intelligence, which provides a unique lens into shifting regional alliances, trade disputes, territorial conflicts and diplomatic crises that we believe will impact the cyber threat landscape.