2024 US Presidential Election Cyber Intrusion: Part 4 - Rising Hacktivist Threats

Part 4 of a series that will analyze critical cyber security aspects during the countdown to the 2024 US Presidential Election, beginning with Nation State Threat Actors, then Covert Influence Operations, Hacktivism and Cybercrime.


Russian Hacktivism
As the US is a critical member of the NATO alliance supporting Ukraine against the ongoing Russian invasion, the US presidential election will likely be targeted by pro-Russian hacktivists.

They will likely seek to disrupt the US public sector on the day of the election itself, a phenomenon that we in Quorum Cyber have witnessed with other high-profile elections throughout 2024, including the UK General Election, the European Parliament Election and more recently, the Austrian Legislative Election.

At Quorum Cyber, we have also assessed that hacktivist collectives that are ideologically aligned with the Kremlin will likely attempt to dox election officials, political party candidates, and journalists within the US. Their aim is to publicize private or personal information on the Internet to intimidate or embarrass targets as part of a broader campaign of protesting against US foreign policy with regard to its support for Ukraine. There is a realistic possibility that these efforts would extend to ‘hack-and-leak’ operations involving a two-step process to compromise victims and subsequently release extracted data with the intention to influence a target set.

Politically motivated hacktivists have a history of focusing on election-related targets. It should be noted that these offensive efforts are often sporadic, tend to be amplified by foreign conflicts or controversial domestic issues, and typically have less impact than other attack vectors, often involving the temporary disruption of target websites.

However, the threat of Russian hacktivism will likely be intensified by a recent trend that the Quorum Cyber Threat Intelligence team has detected: the Russian government likely combining its kinetic and cyber warfare capabilities to enhance its offensive efforts against Ukraine. This has recently crossed over into the hacktivism domain, with the Moscow state-sponsored cyber actor Seashell Blizzard masquerading as the ‘Cyber Army of Russia Reborn’ hacktivist group in what we have assessed to likely be a smoke screen for more sophisticated efforts against Kyiv and supporting NATO states in retaliation for ongoing support for Ukraine.

Palestinian Hacktivism

To align with Iran’s interest in retaliating against the US withdrawal from the Iranian nuclear accords, as well as against US support for Israel throughout the ongoing Middle East conflict, pro-Palestinian hacktivists will likely target the US presidential election to disrupt the western democratic process. As with other collectives, the attack chains of pro-Palestinian hacktivists involve a combination of DDoS attacks as well as web defacement efforts and doxing. However, hack-and-leak operations tend to be emphasized more as a primary attack vector. Pro-Iran disruptive or hack-and-leak efforts previously targeted the 2020 US election, an incident that was linked to the Iranian cyber company Emennet Pasargad.

The Quorum Cyber Threat Intelligence team has recently detected two significant trends within the pro-Palestinian hacktivist threat landscape that could be relevant for the US presidential election. The first has involved the emergence of a “faketivist” phenomenon whereby Iranian nation-state sponsored cyber units have leveraged pro-Palestinian hacktivist personas as a front for more sophisticated state-level attacks. This initially manifested in November 2023 when the ‘CyberAv3ngers’ targeted Israeli-made equipment utilized by the US utilities sector. The second has involved Russian and pro-Palestinian threat actors collaborating in cyberspace, likely coinciding with strengthening geopolitical relations between Russia and Iran due to their ongoing economic and military cooperation, with both countries being heavily sanctioned by the democratic west. 

These attacks will likely be aggravated further following the US Secretary of State, Antony Blinken, announcing further sanctions against Iran on September 10th. These were imposed in response to Tehran sending Fath-360 short-range ballistic missile systems to Moscow that will likely be used against Ukraine as Russia continues its mission of gaining further territory in Eastern Europe. Although Russia has a range of ballistic missiles at its disposal, the supply of Iranian missiles will allow the Kremlin to prioritise more of its weapon store for targets further from the front line.

Taking these factors into account, the threat of hacktivists targeting the US presidential election will likely be heightened and will be further intensified by operations launched in retaliation to the following recent developments within US foreign affairs relating to the ongoing Middle East conflict:   

  • The US government has proscribed Hamas, Hezbollah, and other Middle East militant groups as terrorist organizations.
  • The US participated in the Operation Prosperity Guardian military coalition to protect Red Sea shipping from attacks by the Yemeni Houthi Rebel Faction.

TO BE CONTINUED

Craig Watt is a Threat Intelligence Consultant at Quorum Cyber specializing in strategic and geopolitical intelligence.

Image: Andrii Shyp
