The apparent hack of ex-President Trump’s campaign, allegedly by Iranian bad actors, comes just as Microsoft is warning that threat groups from the country are preparing to launch campaigns aimed at interfering with the upcoming elections and weeks after the federal government said it expects to see such activities not just by Iran but also Russia and China.

And the country should expect more such attacks as the November elections draw nearer, according to cybersecurity professionals.

“Buckle up. Confirmed hack & leak of Trump Campaign sensitive documents. Initial response by Campaign suggests foreign sources,” Chris Krebs, former CISA director, wrote in a post on X (formerly Twitter). “Someone is running the 2016 playbook, expect continued efforts to stoke fires in society and go after election systems – 95% votes on paper ballots is a strong resilience measure, combined with audits. But the chaos is the point.”

Campaign Documents Sent Anonymously

The hack became public after Politico reported over the weekend that it began receiving documents from the Trump campaign via an anonymous account. The campaign cited the Microsoft report when putting the blame on Iran, noting that the report said a threat group connected with the Islamic Revolutionary Guard Corps “sent a spear phishing email in June to a high-ranking official on a presidential campaign from the compromised email account of a former senior advisor.”

The email included a link that sent traffic through a domain controlled by the group before routing it to a to the website. In the days following, the bad actors unsuccessfully tried to log into an account belonging to a former presidential candidate,” wrote Clint Watts, general manager of Microsoft’s Threat Analysis Center.

“These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process,” Trump spokesperson Steven Cheung told Politico.

The news site wrote that over several weeks, it receiving messages from someone using an anonymous AOL email account who identified themselves as “Robert.” The message contained internal communications from a senior Trump campaign official, including a dossier from February on Trump running mate JD Vance. Politico reported that two unnamed people “familiar with” the document said they were authentic.

Foreign interference of high-profile elections both in the United States and abroad has been a continuous concern for more than a decade, with Russia’s efforts in the 2016 elections putting the threat squarely in the public domain.

Russia Leads the Way

Krebs, who was fired by Trump as CISA director after the 2020 election, wrote on X that what the country is seeing is the “Russification of Iranian info ops! A nasty business; expanding & diversifying attempts to further divide Americans and disrupt democracy. Pink slime websites, hacking election officials, and targeting candidates.”

“What were seemingly novel, cutting edge playbook used by Russia in the 2016 election have now gone global,” he wrote. “Russia is still at it, China joining the fray. Actors here have also picked up parts of the playbook. We’re in the midst of a multi-front gray zone assault on the American mind.”

In its report, Microsoft noted that the Russians already have been active in their attempts to influence elections. However, Iranian threat groups in recent months have begun ramping up their own activities, with their operations being “notable and distinguishable from Russian campaigns for appearing later in the election season and employing cyberattacks more geared toward election conduct than swaying voters. Recent activity suggests the Iranian regime – along with the Kremlin – may be equally engaged in election 2024.”

It’s not new for Iran. According to Microsoft, the country has been a growing cyberthreat to U.S. elections over the last three cycles and has also attacked other countries. In addition, the Iranian government in the past has threatened retaliation against Trump after he ordered the assassination of Revolutionary Guard General Qassem Soleimani via a drone strike in 2020.

Multiple Iranian Groups Targeting Elections

Microsoft’s Watts wrote about an Iranian group that is launching fake news sites that target U.S. voters on both ends of the political spectrum. One site, called Nio Thinker, is aimed at left-leaning readers, insulting Donald Trum by calling him an “opioid-pilled elephant in the MAGA china shop” and a “raving mad litigiosaur.” Another, Savannah Time, calls itself a trusted source for conservative new in the Georgia city and focuses on such conservative hot-button issues like LGBTQ+ issues and gender reassignment.

He cited another Iranian group that has been working since March to set the groundwork for influence operations in the United States.

“We believe this group may be setting itself up for activities that are even more extreme, including intimidation or inciting violence against political figures or groups, with the ultimate goals of inciting chaos, undermining authorities, and sowing doubt about election integrity,” Watts wrote.

Federal Government Warns of Russia, Iran, China

In late July, the Office of the Director of National Intelligence (ODNI) released a report pointing to Russia, China, and Iran as the country’s most actively trying to influence politics and policies in the United States. The agency wrote that Russia “remains the predominant threat to U.S. elections,” while noting Iran’s “continuing efforts to fuel distrust in U.S. political institutions and increase social discord. Since our last update, the IC has observed Tehran working to influence the presidential election, probably because Iranian leaders want to avoid an outcome they perceive would increase tensions with the United States.”

The ODNI said China operatives are more likely focus on down-ballot candidates rather than the presidential election, similar to what they did in a number of 2022 midterm races involving candidates of both political parties. It added that they also are using social media to create divisions in the United States and portray democracies as chaotic.

Krebs agreed, writing that the “immediate tactical effectiveness” of such volume-based activities is unclear, but added that they’re still in their early days and that “chaos is the point.”

He also wrote that he is “taking this seriously & have it on good authority it’s the real deal. You should too. You might not like the victim here, but the adversary gives zero Fs who you like or don’t like. They have their own objectives and guess what, you’re the target. Take this seriously.”

In addition, Krebs told readers to “keep in mind that you’re part of the playbook, they want you to either amplify it or doubt it. Take a beat, touch grass as the kids say, & just vote. American voters decide American elections. Let’s keep it that way.”