With two weeks until Election Day 2024, the Microsoft Threat Analysis Center (MTAC) observes sustained influence efforts by Russia, Iran, and China aimed at undermining U.S. democratic processes. Since our last two reports, the U.S. government has taken many actions revealing cyber and influence activity from foreign adversaries related to election 2024. Most recently, that includes revealing malicious Iranian cyber actors’ sending of “stolen, non-public material from former President Trump’s campaign” to both individuals then associated with President Biden’s campaign and U.S. media organizations, and the indictment of three Iranian actors for the hack-and-leak operation targeting the Trump-Vance campaign.
We also noted in our last report that while Iranian actors have focused their cyber-influence operations on the Trump campaign, Russian actors decisively pivoted toward the Harris campaign once she entered the race. Since then, Russian actors continue to integrate generative AI into their content, Iranian groups ramp up their preparations to enable cyber-influence operations, while Chinese actors shift focus to several down-ballot candidates and members of Congress. Russian actors have notably attempted to target the Harris-Walz campaign by attacking the candidates’ characters.
History has shown foreign actors’ ability to rapidly distribute deceptive content can significantly impact public perception and electoral outcomes. With a particular focus on the 48 hours before and after Election Day, voters, government institutions, candidates, and parties must remain vigilant against deceptive and suspicious activity online. Early detection and fact-checking remain essential to countering these efforts and maintaining election integrity.
We discuss this activity in our fifth election report by the Microsoft Threat Analysis Center (MTAC) released today.
Russia stays focused on the Harris-Walz campaign
Russian operatives continue to take steps to undermine the Harris-Walz campaign. Russian actors continue to create AI-enhanced deepfake videos about Vice President Harris. In one video, Harris is depicted as allegedly making derogatory comments about former President Donald Trump. In another from a Kremlin-aligned troll farm we track as Storm-1516, Harris is accused of illegal poaching in Zambia. Finally, another video spreads disinformation about Democratic vice president nominee Tim Walz, gaining more than 5 million views on X in the first 24 hours.
While most of these videos received minimal engagement, they underscore Russia’s ongoing use of both traditional and AI-generated content to influence U.S. audiences and stoke political discord. We have also seen some actors shifting their content publishing strategy from Telegram to X to reach U.S. audiences.
Escalating hostilities in the Middle East have not slowed Iran’s cyber-influence operations
Iran has proved that it can run multiple operations against varying targets simultaneously. Despite escalating tensions with Israel, Iran continues its efforts to influence U.S. audiences. Most recently, MTAC observed Iranian activity, disguised as “Bushnell’s Men,” calling on Americans to boycott the elections due to the candidates’ support for Israel. The group’s previous efforts to incite anti-Israeli protests at universities further illustrate their use of divisive social issues to sow conflict among communities in the U.S.
Additionally, the Iranian cyber group Microsoft tracks as Cotton Sandstorm has been actively scouting election-related websites and media outlets, suggesting preparations for more direct influence operations as Election Day nears. The actor’s history of election interference and their pattern of cyber-influence operations underscores the persistent threat they pose.
China targets down-ballot candidates and members of Congress
Chinese influence operations have focused on down-ballot Republican candidates and members of Congress that advocate for anti-Chinese policies. This includes campaigns against Rep. Barry Moore, Sen. Marsha Blackburn, and Sen. Marco Rubio (not currently up for re-election this cycle). Actors have parroted antisemitic messages, amplified accusations of corruption, and promoted opposition candidates. While not always resulting in high levels of engagement, these efforts demonstrate China’s sustained attempts influence U.S. politics across the board.
Remaining vigilant to online threats.
During times of heightened emotion, conflict, and competition, manipulated images, audio, and video often travel further and faster across audiences than during an average news cycle. Foreign actors have proven nimble and capable of inserting deceptive content and distributing it rapidly during these moments. We expect Russia, Iran, and China to continue their efforts, including using AI, and may employ tactics that seek to cast doubt about the integrity of the election’s outcome. MTAC will continue to monitor this activity and provide updates publicly to promote education and protect institutions from any form of foreign interference.
Microsoft will not endorse a candidate or political party.