Iran has become a significant foreign threat to the US election, displaying a high level of aggression. In July, U.S. intelligence officials provided a unique briefing to media reporters regarding foreign threats to the election. They reiterated their previous warnings that Russia poses a significant threat to the November vote. According to officials, Iran is seen as a potential disruptor in the election, seeking to fuel social tensions and create chaos.

Just weeks later, though, intelligence officials organized another briefing and delivered a different message. There was a shift in their evaluation of Iran: They now believed that Tehran’s intentions went beyond causing chaos and extended to damaging Donald Trump’s candidacy, similar to their actions four years ago. According to officials, Iran was making efforts to directly engage Americans in its influence operations and even offering financial support for Gaza protests on college campuses. They relied on extensive networks of online personas and propaganda mills to spread disinformation.

Now, the danger presented by Tehran seems even more serious, despite its lack of sophistication. Over the weekend, the Trump campaign reported a cyber attack from external sources with ill intentions towards the United States. The campaign has connected this breach to Iran. An unidentified individual who went by the name “Robert” had provided journalists from various media outlets with what appeared to be confidential files from the Trump campaign. The intention behind this act was to have the information released to the public.

The White House had no knowledge of the hack-and-leak campaign until Politico’s report on Saturday, which provided a detailed account of the breach, according to two administration officials. The Biden administration has yet to officially determine who is responsible. The Federal Bureau of Investigation has acknowledged its knowledge of public reports but has chosen not to provide any additional comments. The White House is not always promptly notified when intelligence or law enforcement investigations into such matters commence.

Confirmation of the hack and the alleged involvement of hackers linked to Iran in attempting to launder the stolen goods through reporters serves as further evidence of Iran’s strong and persistent desire to interfere in the 2024 election, according to former officials and security experts. It was reported a day after Microsoft released threat research that outlined various attempts by Iran to interfere with the election. These efforts included hacking attempts on an undisclosed presidential campaign starting in June, which were linked to Iran’s Islamic Revolutionary Guard Corps. The Trump campaign cited that research to support its argument for attributing blame to Iran.

According to Clint Watts, the general manager of the Microsoft Threat Analysis Center, cyber groups linked to Iran have been intensifying their efforts to influence elections on multiple fronts in recent weeks. The tactics observed involved the utilization of covert news sites powered by artificial intelligence to specifically target voters. Additionally, there were separate endeavors to incite violence against political figures and sow seeds of doubt regarding the integrity of the election.

“In a recent blog post, Watts highlighted the efforts made by certain individuals to lay the foundation for influence campaigns targeting election-related subjects. These campaigns have now been set into motion, with the apparent intention of generating controversy or influencing voters, particularly in swing states,” Watts explained. “Furthermore, they have initiated activities that Microsoft believes are aimed at gathering information on political campaigns and potentially influencing future elections.”

In the midst of an election season filled with unexpected events, Iran has emerged as a prominent foreign adversary, actively and seriously attempting to disrupt the contest. This comes after an assassination attempt against Trump and President Biden’s recent decision not to seek re-election. Furthermore, federal prosecutors and other officials have linked Iran to an additional plot to assassinate Trump, in addition to the cyber-enabled election influence operations. Former Secretary of State Mike Pompeo, along with other officials, has had their security protection renewed by U.S. officials due to concerns of potential harm from Iran. This comes after Pompeo’s involvement in the assassination of Iran’s Qassem Soleimani.

Many believe that the Kremlin is highly skilled in covert propaganda compared to Tehran, and has greater resources and technological expertise. According to U.S. intelligence officials, it was revealed in their July media briefings that Russia had a strong determination to carry out an extensive influence campaign on the election. Their motivation was to sway voters away from supporting the Democratic Party and towards favoring Trump. According to intelligence officials, the Kremlin’s decision-making is primarily based on the belief that Democrats will steadfastly back Ukraine.

However, Iran has shown a significant interest in disrupting the election, despite being involved in regional conflicts that have the potential to escalate into a larger conflict in the Middle East. “The regime is already attempting to assassinate Trump and former senior members of his administration, so it should come as no surprise that it would resort to hacking the campaign in an attempt to influence the election,” stated Rich Goldberg, a former Trump National Security Council official who is currently affiliated with the Foundation for Defense of Democracies, a prominent Washington think tank.

Sean Savett, a spokesperson for the National Security Council, declined to comment on the issue and instead referred to the Justice Department. However, he emphasized that the Biden-Harris Administration firmly denounces any foreign government or entity that tries to meddle in our electoral process or undermine trust in our democratic institutions.

The Trump campaign did not respond to a request for comment regarding how Iran obtained access to its materials or whether the Republican nominee’s team notified law enforcement. Trump, on the other hand, has directly accused Iran of being responsible, expressing on Truth Social that “one of our numerous websites was hacked by the Iranian Government—Not a pleasant action to take!”

The unexpected turn of events brings to mind the 2020 election, where Russia was considered the primary foreign threat by U.S. intelligence officials. This assessment was based on their previous success in 2016 and several indications that hackers were targeting campaigns and American political groups.

However, towards the end of that campaign, officials were privately surprised to find that Moscow had been relatively quiet, while Iran had increased its interference ambitions. The actions were highly alarming, leading to a rare public warning by top intelligence officials during the election cycle. The officials revealed that a series of intimidating emails sent to American voters were traced back to Iran.

Cybersecurity experts and former U.S. officials noted that Iran is currently making efforts to replicate the achievements of Russia’s interference operations in 2016, although in a less sophisticated manner. “Hack-and-leak is a significant challenge in the realm of influence operations,” stated Thomas Rid, a renowned disinformation expert and professor of strategic studies at Johns Hopkins University. He emphasized their remarkable effectiveness in capturing public attention and the difficulty in effectively countering them. However, Rid warned against overestimating the Iranians. “The Iranian surfacing attempt was quite outdated, with the intention of deceiving a journalist into covering a pre-planned story. However, it was also quite inept,” he remarked.

Iranian hackers have become highly skilled in spear-phishing campaigns. These cyberattacks are specifically aimed at deceiving the victim into revealing their online credentials, often through email or messaging apps. “They are quite sophisticated and incredibly persistent,” remarked Steven Adair, the president of Volexity, a cybersecurity firm. The hackers will assume false identities, such as a professor or a journalist, and engage in lengthy email exchanges. Next comes the spear-phish: frequently, it involves a shared document that prompts the target to sign in to a counterfeit phishing site resembling that of Microsoft or Google. “After exchanging emails for an extended period of time, one tends to let their guard down,” Adair remarked. According to Adair, once the Iranian hackers manage to infiltrate online accounts, they usually pilfer the victims’ data. However, he has never witnessed any attempts by them to disclose the information afterwards.