Putin's pro-Trump trolls accuse Harris of poaching rhinos

Plus: Iran's IRGC probes election-related websites in swing states


Russian, Iranian, and Chinese trolls are all ramping up their US election disinformation efforts ahead of November 5, but – aside from undermining faith in the democratic process and confidence in the election result – with very different objectives, according to Microsoft.

In a Wednesday report [PDF], Redmond's Threat Analysis Center suggested all three nations' cyber influence operations gangs are gearing up for even more fake news and social media trolling in the final two weeks before election day. And all of this activity will likely reach a fever pitch – with an AI assist – in the final 48 hours before the US heads to the polls.

In particular, Microsoft's threat intel team expects to see Iran's Cotton Sandstorm – a hacking and cyberspy crew linked to the Islamic Revolutionary Guard Corps (IRGC) – launch influence operations as the election nears. This seems especially likely given the group's history [PDF].

And while Cotton Sandstorm hasn't yet started spewing any fake news ahead of the vote, Microsoft claims it recently discovered that the crew had "performed reconnaissance and limited probing of election-related websites in some US swing states in April 2024," along with similar hacking attempts against "major US media outlets" a month later. 

Another Iranian government-backed group, Storm-2035, has been posting "divisive and at times conspiratorial" articles while pretending to be various local US news outlets – around eight per week, targeting both Democrats and Republicans, we're told.

Late last month, the Department of Justice charged three Iranians, all allegedly IRGC members, for their involvement in a hack-and-leak campaign targeting the Trump campaign. 

In addition to allegedly stealing massive amounts of materials from Donald Trump's 2024 presidential campaign, and then leaking this info to media organizations, the three are also accused of using "spear phishing and social engineering techniques to target and compromise the accounts of current and former US government officials, members of the media, non-governmental organizations, and individuals associated with US political campaigns," according to court documents.

Microsoft, in one of its earlier 2024 election reports, accused Iranian cybercriminals of sending phishing emails to "a high-ranking official of a presidential campaign" using a "compromised email account of a former senior advisor."

Russia ramps up pro-Trump messaging

While Iran's election operations to date seem to put it in the pro-Harris camp, Russia has increased its attacks against the Harris-Walz campaign, we're told.

This includes Russian-language accounts on both X and Telegram posting an AI-enhanced video of vice president Kamala Harris. The deepfake depicts Harris making inappropriate jokes about assassination attempts against Trump, and received tens of thousands of views on X after an RT correspondent posted it on September 23.

In an even more out-there video, another Russian crew that Microsoft tracks as Storm-1516 posted a video of a staged interview with an actor purporting to be a park ranger, claiming Harris killed an endangered rhinoceros in Zambia. Numerous Storm-1516-affiliated websites and channels amplified the fake news story after it went live on September 25.

Shortly after Harris became the Democratic nominee, this same crew staged a video accusing Harris of a hit-and-run incident. This received millions of impressions across social media, we're told.

More recently, on October 16, a phony video on X accused governor Tim Walz, Harris's running mate, of sexual assault while he was a high school student. Microsoft has determined "with moderate confidence" that Storm-1516 is also behind this effort.

Yet another Russian troll farm, Storm-1679, has taken to posting anti-Harris videos on social media accounts spoofing Fox News, the FBI, and Wired.

China's down-ballot disinfo

While Russia and Iran square off over Harris and Trump, China's disinformation efforts have taken a down-ballot approach – targeting Republican candidates seeking seats in the US Senate and House of Representatives who have publicly denounced the People's Republic of China (PRC).

Perhaps the most prolific of these influence campaigns comes from the Chinese Ministry of Public Security-linked group Spamouflage (Microsoft calls them "Taizi Flood"). These campaigns, starting in July and ramping up in September, have targeted Representative Barry Moore (R-Alabama), Senator Marco Rubio (R-Florida), Senator Marsha Blackburn (R-Tennessee), and Representative Michael McCaul (R-Texas).

In a blog post on Wednesday, Clint Watts, general manager of the Microsoft Threat Analysis Center, warned: "We expect Russia, Iran, and China to continue their efforts, including using AI, and may employ tactics that seek to cast doubt about the integrity of the election's outcome."
