Insight by Microsoft Federal

As cyber and influence operations converge ahead of the US 2024 election, government and industry can do more together

As we ramp up to the 2024 presidential election, collective election defense efforts are likely to be heavily tested. By working with private sector organizatio...

This content is provided by Microsoft Federal.

Influence operations have gained prominence in recent years, and we’re now seeing a growing trend of nation-state actors leveraging cyber tactics to enact greater effect in parallel with those information operations.

The tipping point came after the 2016 US presidential election when a bipartisan report from the Senate Intelligence Committee found that Russia used a mix of cyber and influence operations in an attempt to sway the election in favor of former President Donald Trump.

These tactics included leveraging a relationship between Republican political operative, Paul Manafort; a “Russian intelligence officer,” Konstantin Kilimnik; and Russian oligarch, Oleg Deripaska to exchange confidential campaign information. The committee also found that Russian President, Vladimir Putin, ordered hackers to compromise Democratic Party networks and accounts, and leak damaging information about then-candidate Hillary Clinton.

Nation-state influence operations targeting the US electorate persisted during the 2020 election and included authoritarian regimes beyond just Russia. Microsoft released a report on various attacks from Russian, Chinese, and Iranian nation-state groups against the Biden and Trump campaigns. This pattern of activity targeting US elections underscores a critical need: lawmakers, federal agencies, educational institutions, and security companies must work together to combat growing threat activity from nation-state actors. As we ramp up to the 2024 election, here’s how that can work.

What are influence operations, and how have they evolved?

The Office of the Director of National Intelligence (ODNI) defines election influence operations as “overt and covert efforts by foreign governments or actors acting as agents of, or on behalf of, foreign governments intended to affect directly or indirectly a US election—including candidates, political parties, voters or their preferences, or political processes.” The Microsoft Threat Analysis Center (MTAC) actively tracks ongoing influence operations as a way to monitor nation-state activity and better understand how cyberattacks and activity in the information space converge—such as how intelligence or data obtained in a hack might be used in the information space for political purposes.

As technology evolves, influence operations are growing increasingly sophisticated. We’re now seeing tactics that have traditionally been reserved for cyberattacks—such as email campaigns and ransomware—being increasingly leveraged in cyber-enabled influence operations after cyberattacks occur. Nation-states are also getting better at coordinating and amplifying their efforts, using artificial intelligence (AI) to create more eye-catching and dynamic images and videos. AI can also optimize this content for specific audiences.

For example, MTAC has observed China-affiliated actors leveraging AI-generated content to denigrate US political figures and symbols and heighten conflict around politically divisive topics, such as gun violence. This technology allows for more engaging content and drives higher engagement than previous Chinese online influence campaigns, which often relied on awkward digital drawings and stock photo collages.

These active attempts to sow discord within the United States represent a dramatic strategic shift by China, which had previously focused on amplifying propaganda to defend its own policies on Taiwan. If we compare China’s tactics against the lead-up to Russia’s efforts during the 2016 election cycle, researchers believe that China could be using similar tactics to target US audiences for election influence—including in the upcoming 2024 election.

Looking ahead to the 2024 election

As we approach the 2024 presidential election, public and private sector organizations each have a role to play to counter the effect of growing nation-state influence operations. We believe that 2024 may be the first presidential election in which multiple authoritarian actors—notably, Russia, China, and Iran—will simultaneously attempt to interfere with and influence the outcome.

And while MTAC has observed limited activity from nation-state actors seemingly beginning to leverage online assets for US-focused influence activity related to the 2024 election, it is still early in the cycle. To this point, it does not mean that nation-states aren’t actively laying the groundwork for more sophisticated influence operations, including those that may include cyber elements. Russian intelligence services have consistently attempted hacks to power its influence activity, and Iran has begun prolifically using hack-and-leak operations against a range of Tehran’s opponents. China has not yet employed any target hacks to power its election influence operations against the US, but that could change. Agencies’ responses will hinge on a few critical factors.

First, all threat defenders must work together to share threat intelligence on the latest nation-state attack vectors. To that end, the MTAC team is committed to sharing multiple threat assessment reports that will inform Microsoft’s programs to protect candidates, campaigns, elections, and voters headed into 2024, including those led by Microsoft’s Democracy Forward team. Our first report, “Protecting Election 2024 from foreign malign influence: lessons learned help us anticipate the future,” was released in November 2023.

The federal government must also join forces with the private sector to address the weaponization of technology, including AI, by cyber and influence actors. Collective defense is a significant part of this effort, setting the foundation for organizations to launch coordinated threat response actions in real time. For example, early last year, Microsoft, Fortra LLC, and Health-ISAC filed a lawsuit against the illicit use of Cobalt Strike—a popular, legitimate penetration testing tool—in connection with malware and ransomware attacks. The lawsuit accused a sophisticated group of cybercriminals of violations of the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and common law claims, claiming that the cybercriminals leveraged cracked Cobalt Strike as part of a ransomware-as-a-service enterprise. After the court granted injunctive relief, Microsoft, Fortra, and Health-ISAC took down the cracked Cobalt Strike infrastructure by seizing domain names and blocking IP addresses associated with the threat actors’ activities—resulting in a 50% reduction of active cracked Cobalt Strike servers in the United States. Microsoft also announced a series of election protection commitments to help safeguard voters, candidates and campaigns, and election authorities worldwide.

As we ramp up to the 2024 presidential election, collective election defense efforts are likely to be heavily tested. By working with private sector organizations to launch coordinated threat responses, federal agencies can better defend against known nation-state actors. Microsoft is committed to working with the federal government to safeguard our democratic norms and ensure fair elections for all.

To learn more about Microsoft’s Threat Intelligence capabilities, visit Microsoft Defender Threat Intelligence | Microsoft Security.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.