2024 US Presidential Election Cyber Intrusion: Part 4 - Rising Hacktivist Threats

Part 4 of a series that will analyze critical cyber security aspects during the countdown to the 2024 US Presidential Election, beginning with Nation State Threat Actors, then Covert Influence Operations, Hacktivism and Cybercrime.


Russian Hacktivism
As the US is a critical member of the NATO alliance supporting Ukraine against the ongoing Russian invasion, the US presidential election will likely be targeted by pro-Russian hacktivists.

They will likely seek to disrupt the US public sector on the day of the election itself, a phenomenon that we at Quorum Cyber have witnessed with other high-profile elections throughout 2024, including the UK General Election, the European Parliament Election and, more recently, the Austrian Legislative Election.

At Quorum Cyber, we have also assessed that hacktivist collectives that are ideologically aligned with the Kremlin will likely attempt to dox election officials, political party candidates, and journalists within the US. Their aim is to publicize private or personal information on the Internet to intimidate or embarrass targets as part of a broader campaign of protesting against US foreign policy with regard to its support for Ukraine. There is a realistic possibility that these efforts would extend to ‘hack-and-leak’ operations involving a two-step process to compromise victims and subsequently release extracted data with the intention to influence a target set.

Politically motivated hacktivists have a history of focusing on election-related targets. It should be noted that these offensive efforts are often sporadic, tend to be amplified by foreign conflicts or controversial domestic issues, and typically have less impact than other attack vectors, often involving the temporary disruption of target websites.

However, the threat of Russian hacktivism will likely be intensified by a recent trend that the Quorum Cyber Threat Intelligence team has detected: the Russian government likely combining its kinetic and cyber warfare capabilities to enhance its offensive efforts against Ukraine. This has recently crossed over into the hacktivism domain, with the Moscow state-sponsored cyber actor Seashell Blizzard masquerading as the ‘Cyber Army of Russia Reborn’ hacktivist group in what we have assessed to likely be a smoke screen for more sophisticated efforts against Kyiv and supporting NATO states in retaliation for ongoing support for Ukraine.

Palestinian Hacktivism

To align with Iran’s interests of retaliating against the US withdrawal from the Iranian nuclear accords as well as support for Israel throughout the ongoing Middle East conflict, pro-Palestinian hacktivists will likely target the US presidential election to disrupt the western democratic process. As with other collectives, the attack chains of pro-Palestinian hacktivists involve a combination of DDoS attacks as well as web defacement efforts and doxing. However, hack-and-leak operations tend to be emphasized more as a primary attack vector. Pro-Iran disruptive or hack-and-leak efforts previously targeted the 2020 US election, an incident that was linked to the Iranian cyber company Emennet Pasargad.

The Quorum Cyber Threat Intelligence team has recently detected two significant trends within the pro-Palestinian hacktivist threat landscape that could be relevant for the US presidential election. The first has involved the emergence of a “faketivist” phenomenon whereby Iranian nation-state sponsored cyber units have leveraged pro-Palestinian hacktivist personas as a front for more sophisticated state-level attacks. This initially manifested in November 2023 when the ‘CyberAv3ngers’ targeted Israeli-made equipment utilized by the US utilities sector. The second has involved Russian and pro-Palestinian threat actors collaborating in cyberspace, likely coinciding with strengthening geopolitical relations between Russia and Iran due to their ongoing economic and military cooperation, with both countries being heavily sanctioned by the democratic west. 

These attacks will likely be aggravated further following the US Secretary of State, Antony Blinken, announcing further sanctions against Iran on September 10th. These were imposed in response to Tehran sending Fath-360 short-range ballistic missile systems to Moscow that will likely be used against Ukraine as Russia continues its mission of gaining further territory in Eastern Europe. Although Russia has a range of ballistic missiles at its disposal, the supply of Iranian missiles will allow the Kremlin to prioritise more of its weapon store for targets further from the front line.

Taking these factors into account, the threat of hacktivists targeting the US presidential election will likely be heightened and will be further intensified by operations launched in retaliation to the following recent developments within US foreign affairs relating to the ongoing Middle East conflict:   

  • The US government has proscribed Hamas, Hezbollah, and other Middle East militant groups as terrorist organizations.
  • The US participated in the Operation Prosperity Guardian military coalition to protect Red Sea shipping from attacks by the Yemeni Houthi Rebel Faction.

TO BE CONTINUED

Craig Watt is a Threat Intelligence Consultant at Quorum Cyber specializing in strategic and geopolitical intelligence.

Image: Andrii Shyp
