2024 US Presidential Election Cyber Intrusion: Part 4 - Rising Hacktivist Threats
Part 4 of a series that will analyze critical cyber security aspects during the countdown to the 2024 US Presidential Election, beginning with Nation State Threat Actors, then Covert Influence Operations, Hacktivism and Cybercrime.
Russian Hacktivism
As the US is a critical member of the NATO alliance supporting Ukraine against the ongoing Russian invasion, the US presidential election will likely be targeted by pro-Russian hacktivists.
They will likely seek to disrupt the US public sector on the day of the election itself, a phenomenon that we in Quorum Cyber have witnessed with other high-profile elections throughout 2024, including the UK General Election, the European Parliament Election and more recently, the Austrian Legislative Election.
At Quorum Cyber, we have also assessed that hacktivist collectives that are ideologically aligned with the Kremlin will likely attempt to dox election officials, political party candidates, and journalists within the US. Their aim is to publicize private or personal information on the Internet to intimidate or embarrass targets as part of a broader campaign of protesting against US foreign policy with regard to its support for Ukraine. There is a realistic possibility that these efforts would extend to ‘hack-and-leak’ operations involving a two-step process to compromise victims and subsequently release extracted data with the intention to influence a target set.
Politically motivated hacktivists have a history of focusing on election-related targets. It should be noted that these offensive efforts are often sporadic, tend to be amplified by foreign conflicts or controversial domestic issues, and typically have less impact than other attack vectors, often involving the temporary disruption of target websites.
However, the threat of Russian hacktivism will likely be intensified with a recent trend that the Quorum Cyber Threat Intelligence team has detected of the Russian government likely combining its kinetic and cyber warfare capabilities to enhance its offensive efforts against Ukraine. This has recently crossed over into the hacktivism domain with the Moscow state-sponsored cyber actor Seashell Blizzard masquerading as the ‘Cyber Army of Russia Reborn’ hacktivist group in what we have assessed to likely be a smoke screen for more sophisticated efforts against Kyiv and supporting NATO states in retaliation to ongoing support for Ukraine.
Palestinian Hacktivism
To align with Iran’s interests of retaliating against the US withdrawal from the Iranian nuclear accords as well as support for Israel throughout the ongoing Middle East conflict, pro-Palestinian hacktivists will likely target the US presidential election to disrupt the western democratic process. As with other collectives, the attack chains of pro-Palestinian hacktivists involve a combination of DDoS attacks as well as web defacement efforts and doxing. However, hack-and-leak operations tend to be emphasized more as a primary attack vector. Pro-Iran disruptive or hack-and-leak efforts previously targeted the 2020 US election, an incident that was linked to the Iranian cyber company Emennet Pasargad.
The Quorum Cyber Threat Intelligence team has recently detected two significant trends within the pro-Palestinian hacktivist threat landscape that could be relevant for the US presidential election. The first has involved the emergence of a “faketivist” phenomenon whereby Iranian nation-state sponsored cyber units have leveraged pro-Palestinian hacktivist personas as a front for more sophisticated state-level attacks. This initially manifested in November 2023 when the ‘CyberAv3ngers’ targeted Israeli-made equipment utilized by the US utilities sector. The second has involved Russian and pro-Palestinian threat actors collaborating in cyberspace, likely coinciding with strengthening geopolitical relations between Russia and Iran due to their ongoing economic and military cooperation, with both countries being heavily sanctioned by the democratic west.
These attacks will likely be aggravated further following the US Secretary of State, Antony Blinken, announcing further sanctions against Iran on September 10th. These were imposed in response to Tehran sending Fath-360 short-range ballistic missile systems to Moscow that will likely be used against Ukraine as Russia continues its mission of gaining further territory in Eastern Europe. Although Russia has a range of ballistic missiles at its disposal, the supply of Iranian missiles will allow the Kremlin to prioritise more of its weapon store for targets further from the front line.
Taking these factors into account, the threat of hacktivists targeting the US presidential election will likely be heightened and will be further intensified by operations launched in retaliation to the following recent developments within US foreign affairs relating to the ongoing Middle East conflict:
- The US government has proscribed Hamas, Hezbollah, and other Middle East militant groups as terrorist organizations.
- The US participated in the Operation Prosperity Guardian military coalition to protect Red Sea shipping from attacks by the Yemeni Houthi Rebel Faction.
TO BE CONTINUED
Craig Watt is a Threat Intelligence Consultant at Quorum Cyber specializing in strategic and geopolitical intelligence.
Image: Andrii Shyp