2024 US Presidential Election Cyber Intrusion: Part 4 - Rising Hacktivist Threats

Part 4 of a series that will analyze critical cyber security aspects during the countdown to the 2024 US Presidential Election, beginning with Nation State Threat Actors, then Covert Influence Operations, Hacktivism and Cybercrime.


Russian Hacktivism
As the US is a critical member of the NATO alliance supporting Ukraine against the ongoing Russian invasion, the US presidential election will likely be targeted by pro-Russian hacktivists.

They will likely seek to disrupt the US public sector on the day of the election itself, a phenomenon that we at Quorum Cyber have witnessed with other high-profile elections throughout 2024, including the UK General Election, the European Parliament Election and, more recently, the Austrian Legislative Election.

At Quorum Cyber, we have also assessed that hacktivist collectives that are ideologically aligned with the Kremlin will likely attempt to dox election officials, political party candidates, and journalists within the US. Their aim is to publicize private or personal information on the Internet to intimidate or embarrass targets as part of a broader campaign of protesting against US foreign policy with regard to its support for Ukraine. There is a realistic possibility that these efforts would extend to ‘hack-and-leak’ operations involving a two-step process to compromise victims and subsequently release extracted data with the intention to influence a target set.

Politically motivated hacktivists have a history of focusing on election-related targets. It should be noted that these offensive efforts are often sporadic, tend to be amplified by foreign conflicts or controversial domestic issues, and typically have less impact than other attack vectors, often involving the temporary disruption of target websites.

However, the threat of Russian hacktivism will likely be intensified with a recent trend that the Quorum Cyber Threat Intelligence team has detected of the Russian government likely combining its kinetic and cyber warfare capabilities to enhance its offensive efforts against Ukraine. This has recently crossed over into the hacktivism domain with the Moscow state-sponsored cyber actor Seashell Blizzard masquerading as the ‘Cyber Army of Russia Reborn’ hacktivist group in what we have assessed to likely be a smoke screen for more sophisticated efforts against Kyiv and supporting NATO states in retaliation to ongoing support for Ukraine.

Palestinian Hacktivism

To align with Iran’s interests of retaliating against the US withdrawal from the Iranian nuclear accords as well as support for Israel throughout the ongoing Middle East conflict, pro-Palestinian hacktivists will likely target the US presidential election to disrupt the western democratic process. As with other collectives, the attack chains of pro-Palestinian hacktivists involve a combination of DDoS attacks as well as web defacement efforts and doxing. However, hack-and-leak operations tend to be emphasized more as a primary attack vector. Pro-Iran disruptive or hack-and-leak efforts previously targeted the 2020 US election, an incident that was linked to the Iranian cyber company Emennet Pasargad.

The Quorum Cyber Threat Intelligence team has recently detected two significant trends within the pro-Palestinian hacktivist threat landscape that could be relevant for the US presidential election. The first has involved the emergence of a “faketivist” phenomenon whereby Iranian nation-state sponsored cyber units have leveraged pro-Palestinian hacktivist personas as a front for more sophisticated state-level attacks. This initially manifested in November 2023 when the ‘CyberAv3ngers’ targeted Israeli-made equipment utilized by the US utilities sector. The second has involved Russian and pro-Palestinian threat actors collaborating in cyberspace, likely coinciding with strengthening geopolitical relations between Russia and Iran due to their ongoing economic and military cooperation, with both countries being heavily sanctioned by the democratic west. 

These attacks will likely be aggravated further following the US Secretary of State, Antony Blinken, announcing further sanctions against Iran on September 10th. These were imposed in response to Tehran sending Fath-360 short-range ballistic missile systems to Moscow that will likely be used against Ukraine as Russia continues its mission of gaining further territory in Eastern Europe. Although Russia has a range of ballistic missiles at its disposal, the supply of Iranian missiles will allow the Kremlin to prioritise more of its weapon store for targets further from the front line.

Taking these factors into account, the threat of hacktivists targeting the US presidential election will likely be heightened and will be further intensified by operations launched in retaliation to the following recent developments within US foreign affairs relating to the ongoing Middle East conflict:   

  • The US government has proscribed Hamas, Hezbollah, and other Middle East militant groups as terrorist organizations.
  • The US participated in the Operation Prosperity Guardian military coalition to protect Red Sea shipping from attacks by the Yemeni Houthi Rebel Faction.

TO BE CONTINUED

Craig Watt is a Threat Intelligence Consultant at Quorum Cyber specializing in strategic and geopolitical intelligence.

Image: Andrii Shyp
