An Iranian hacking group, linked to the Islamic Revolutionary Guard Corps and referred to as Cotton Sandstorm by Microsoft, is reportedly scanning U.S. election-related websites and media outlets as Election Day approaches.
A blog post published by Microsoft on Wednesday indicates that this activity may signal preparations for more direct influence operations.
The group has conducted reconnaissance and limited probing of various election-related sites in several unnamed swing states. In May, they also targeted an unidentified U.S. news outlet to assess its vulnerabilities.
Researchers said Cotton Sandstorm is expected to ramp up its activities as the election draws nearer, which they consider particularly concerning given the group’s operational history of election interference.
In response to the allegations, a spokesperson for Iran’s mission to the United Nations called the claims “fundamentally unfounded” and stated that Iran has “neither motive nor intent to interfere in the U.S. election.”
Cotton Sandstorm was involved in a cyber-enabled influence operation during the 2020 presidential election, posing as members of the right-wing “Proud Boys.” They sent threatening emails to Florida residents, urging them to “vote for Trump or else!” The group also released a video claiming to show their probing of an election system. Although this operation did not affect voting systems directly, it aimed to sow chaos and confusion.
Following the 2020 election, the group executed another operation that incited violence against U.S. election officials who had dismissed claims of widespread voter fraud, Microsoft reported.