2024 US Presidential Election: Nation State Cyber Threats


Introduction to a series that will analyze critical cyber security aspects during the countdown to the 2024 US Presidential Election, beginning with Nation State Threat Actors, then Covert Influence Operations, Cybercrime and Hacktivism.


American citizens will head to the polls to elect their President and Vice President on Tuesday, November 5th, 2024. They will also vote for members of Congress, all of whom hold a critical role in passing legislation that has the potential to directly impact the American way of life. The new US President, who will represent the country abroad and conduct foreign policy negotiations, will serve a four-year term in the White House, starting in January 2025.

With a failed assassination attempt on former President Donald Trump, President Joe Biden’s decision to not seek re-election and Vice President Kamala Harris becoming the Democratic nominee, the fractured US political landscape will likely be reflected in cyber space as hostile nation state actors seek to capitalize on US instability to meet pre-defined objectives.

The cybersecurity landscape relating to the election will likely be characterized by a diverse range of adversarial state-level threats due to a wide array of available targets found in election systems, administrators, and campaign infrastructure potentially vulnerable to compromise.

Priority cyber targeting throughout the election period will likely involve the government sector, election-related networks, national and local political parties, and the personal devices of election officials. However, as with all cyber warfare engagements, a spillover into private sector businesses is inevitable.

Iran

Iranian state-sponsored cyber-attacks likely pose the greatest risk to the 2024 US Presidential Election due to stalled nuclear negotiations as well as Washington’s consistent support for Israel throughout its conflict with Iran’s Axis of Resistance proxy, Hamas, in the Gaza Strip. 

With the election outcome likely to have far-reaching effects on Iran’s national security interests, state-level cyber activity directed by the regime against the election will likely involve a hybrid approach of intrusive espionage efforts and influence campaigns to gather intelligence on US foreign policy as well as to intimidate US voters. However, these efforts will likely be launched sporadically with Tehran currently focused on domestic surveillance, the conflict within Gaza, and reuniting the nation under its new President, Masoud Pezeshkian, following recent domestic unrest amongst its citizens.

During the Obama era in 2015, Iran signed the Joint Comprehensive Plan of Action (JCPoA) with the UN Security Council’s five permanent members, one of which is the US, plus Germany (also known as P5+1), an accord that placed significant restrictions on Iran’s nuclear program in exchange for sanctions relief. However, in May 2018, during his previous tenure, Donald Trump removed the US from Iran’s nuclear deal, due to Tehran’s reported increasing non-compliance according to the International Atomic Energy Agency (IAEA), which resulted in greater tensions between the countries. This also put Iran under financial strain due to economic sanctions, following the former president’s “maximum pressure” policy, expanding US restrictions to all countries and companies doing trade and business with Iran.

In response to these foreign affairs developments between Tehran and Washington, Iranian threat actors will likely launch a combination of influence and disruptive attacks to interfere in the upcoming election with a likely intention to sway the vote in favour of a Democratic Party victory, with the hope of future US re-entry to the nuclear deal.

However, the Democratic Party will also likely find itself in the crossfire of these Iranian cyber operations, with The Washington Post already reporting that the FBI has investigated attempted hacking efforts targeting the Biden-Harris campaign, an inquiry that began in June prior to President Joe Biden dropping out of the presidential race.

Iranian cyber aggression has a track record of targeting US election infrastructure: in 2020, Iranian actors attempted to sabotage several US state voter registration and information websites. Stolen voter contact data was leveraged to send threatening emails and social media messages directly, impersonating the “Proud Boys” to intimidate US officials and voters, with a video also being leveraged to spread a false claim of weaknesses in US election systems. Following the investigative efforts of the FBI, US authorities linked the actors to Emennet Pasargad, an Iranian-based company that has provided services to the Iranian government, including to the Guardian Council.

Russia

Cyber operations backed by the Russian Federation also pose a significant risk to the US Presidential Election due to US membership of the North Atlantic Treaty Organisation (NATO) alliance as well as continuous support for Ukraine demonstrated by the current Democratic Party throughout the ongoing Russian invasion.

Russian cyber actors will likely seek to influence the outcome of the election in favour of a Republican victory, with tensions developing between the party and the NATO alliance as well as Republican priorities towards financial expenditure shifting from foreign to domestic aid. It is therefore likely that a conservative victory could impede military and economic support for Ukraine, thus bolstering the Kremlin’s ability to potentially gain more territory on the ground in Eastern Europe.

While it is unlikely that the US would totally abandon NATO under a Republican Party government, there is a realistic possibility that this would leave the NATO alliance in a weakened condition both militarily and in cyberspace, likely providing Russian hackers with hostile intent the opportunity to capitalise on these developing uncertainties within the Democratic West.

China

With Washington openly declaring substantial support towards Taiwan, the results of the US election will almost certainly be critical as it pertains to the global objectives of the People’s Republic of China (PRC). 

China's increasing interest in the Taiwan Strait will likely result in surging Beijing state actor operations throughout the election period as a potential conflict within the region could be influenced by US desires to preserve stability in the area. Taiwan currently produces 90% of the world’s most advanced semiconductors that power lucrative technologies, ranging from artificial intelligence platforms to defence industry solutions, both of which are critical to China’s state ambitions. In line with Beijing’s desire for reunification with the island, Chinese tensions with the US involve the former desiring to undermine Taiwan’s ‘Silicon Shield’, a concept proposing that the global reliance on Taiwan’s advanced chipmakers keeps the island safe from a Chinese military invasion. 

Within this context, Chinese targeting of the US presidential election will likely be exacerbated by the Taiwan Semiconductor Manufacturing Company (TSMC) set to build its silicon chips in three factories currently under construction in Arizona, a recent development following TSMC receiving a pledge of almost $12 billion in government subsidy as part of President Biden’s efforts to attract silicon chip production within Washington’s domestic borders as part of the 2022 Chips and Science Act. With chipmaking therefore likely to become safeguarded within the borders of the US over the next decade, Chinese hackers will likely ramp up their efforts to sway the vote in favour of the Democrats and to gather intelligence on the White House’s intended chipmaking policies with a desire to oppose the Republican Party allowing the US to become self-sufficient in the chipmaking industry.

Chinese espionage will also likely accompany these proceedings with Beijing’s hackers attempting to collect intelligence on the recently formed trilateral US-Japan-Philippines alliance following President Biden and his counterparts, President Ferdinand Marcos Jr of the Philippines and the Japanese Prime Minister Fumio Kishida, holding the first-ever US-Japan-Philippines trilateral summit on April 11th. This highlights the importance of the US Indo-Pacific Strategy, as Washington attempts to push back on China’s territorial claims in the South China Sea, a factor that will likely shape the foreign policy priorities of whichever candidate emerges as victorious on November 5th.

Down-ballot candidates that Beijing perceives to pose a threat to China’s core interests will likely find themselves in the focus of Chinese cyber-attacks, something that we have witnessed historically with Chinese actors targeting several midterm races in 2022 involving members of both the Democratic and Republican parties. These offensive efforts will likely be intensified with the US being a member of the Inter-Parliamentary Alliance on China (IPAC), an international coalition of democratic parliaments that are critical of the policies of the Chinese Communist Party (CCP).

North Korea

The North Korean government is currently prioritising its state survival due to economic sanctions placed upon the Republic by the UN in response to developments with its nuclear and ballistic missile programmes as well as weapons proliferation. The outcome of the upcoming US election therefore becomes critical for Pyongyang as although the state would almost certainly never relinquish its weapons infrastructure, it would likely seek a deal to freeze its nuclear program in return for the relief of US sanctions.

In this context, cyber-attacks targeting the US election out of North Korea will likely reflect the interest of the regime for the Republican Party to emerge victorious on November 5th.

North Korea likely views Donald Trump as its preferred presidential candidate, one that the state could negotiate with regarding its nuclear weapons program. Despite talks between the former US President and Kim Jong Un breaking down back in 2019, Donald Trump has previously highlighted his relationship with North Korea’s Supreme Leader, Kim Jong Un, as one of the main achievements of his presidency, with the former Republican Party President recently stating, “I think he misses me, if you want to know the truth.” during his acceptance speech at the Republican National Convention in July. Additionally, statements from Ri Il Kyu, a high-ranking official who defected from North Korea in November last year, have recently added weight to this assessment whereby Mr Ri claimed that North Korea is hoping it can leverage this relationship with Donald Trump to its advantage.

To date, North Korea has leveraged its strategic cooperation with the Russian Federation to bypass the need to seek US sanctions relief. However, this has only been possible due to the Russia-Ukraine conflict, with Pyongyang selling ammunition to Moscow to support its invasion, in return for vital supplies to combat North Korea’s internal economic crisis, ranging from food and energy supplies to military technology. However, with Donald Trump pledging to end the Russia-Ukraine war before January, if he is elected, North Korea will likely need to shift focus and appeal to Washington for its state survival and economic development.

This will also provide a secondary benefit to the Republic as any normalized relations with the US would deter the need to invade North Korea to eliminate threats posed by the regime to the Democratic West.

TO BE CONTINUED

Craig Watt is a Threat Intelligence Consultant at Quorum Cyber specializing in strategic and geopolitical intelligence.

Image: Andrii Shyp
