While the Trump administration often mentioned Iran among cyber adversaries suspected of seeking to disrupt U.S. elections, the focus had been primarily on China and Russia.
Now, the Islamic Republic is emerging as a prime target for President Donald Trump in the final days before the Nov. 3 election over an alleged Iranian email campaign to intimidate voters and incite social unrest. In a public announcement late Wednesday, U.S. Director of National Intelligence John Ratcliffe described Iran's efforts, elevating the Islamic Republic as a more prominent suspect in efforts to disrupt the American political process.
The emails, claiming to be from the right-wing Proud Boys group, threatened Democratic voters with violence if they didn't change their party affiliation and voted for Trump on election day.
Iran was also distributing a video that sought to imply that fraudulent ballots were being mailed from overseas in a bid to interfere with the elections, Ratcliffe said. In addition, Iran and Russia had managed to collect voter registration material, which was available online, and that Tehran used to deploy emails to Americans in an attempt to "convey misinformation," he said.
Google also identified an operation linked to Iran that "sent inauthentic emails to people in the U.S. over the past 24 hours," a spokesperson said. For Gmail users, spam filters stopped 90% of the approximately 25,000 emails sent, the spokesperson said, suggesting the attack wasn't particularly effective.
But with voters nerves already frayed, the administration's handling of the episode also raises questions. Ratcliffe said the Iranian operation was meant to hurt the president, which is far from clear based on the contents of the video and emails. And aspects of the Iranian effort seem somewhat ham-handed compared to Russia's election meddling campaign in 2016.
Yet the Iranian email effort, even with some of the messages getting caught by spam filters, shows that a relatively minor operation can still create a sense of turmoil.
Iranian officials rejected the U.S. allegations. "These accusations are nothing more than another scenario to undermine voter confidence in the security of the U.S. election, and are absurd," Alireza Miryousefi, a diplomat at the Iranian mission to the United Nations, said in a statement.
Cyber researchers with expertise in Iranian politics contend the operation fits Iran's agenda of supporting the campaign of Democratic challenger Joe Biden. These hackers weren't trying to scare off Democrats, but instead further vilify Trump's base, said Paul Prudhomme, cyber threat intelligence adviser at the cyber research firm, IntSights.
Iran has been turning up its cyber spigot on the Trump administration since it pulled the U.S. out of a multinational nuclear accord with Iran in May 2018. Since then, Treasury Department officers have been targeted by Iranian social engineering campaigns. While Iran's cyber capabilities pale in comparison to Russia's, they still aspire to "do to Trump what the Russians did to Hillary Clinton in 2016," Prudhomme said.