2024 US Presidential Election Cyber Intrusion: Part 4 - Rising Hacktivist Threats

Part 4 of a series that will analyze critical cyber security aspects during the countdown to the 2024 US Presidential Election, beginning with Nation State Threat Actors, then Covert Influence Operations, Hacktivism and Cybercrime.


Russian Hacktivism
As the US is a critical member of the NATO alliance supporting Ukraine against the ongoing Russian invasion, the US presidential election will likely be targeted by pro-Russian hacktivists.

They will likely seek to disrupt the US public sector on the day of the election itself, a phenomenon that we in Quorum Cyber have witnessed with other high-profile elections throughout 2024, including the UK General Election, the European Parliament Election and more recently, the Austrian Legislative Election.

At Quorum Cyber, we have also assessed that hacktivist collectives that are ideologically aligned with the Kremlin will likely attempt to dox election officials, political party candidates, and journalists within the US. Their aim is to publicize private or personal information on the Internet to intimidate or embarrass targets as part of a broader campaign of protesting against US foreign policy with regard to its support for Ukraine. There is a realistic possibility that these efforts would extend to ‘hack-and-leak’ operations involving a two-step process to compromise victims and subsequently release extracted data with the intention to influence a target set.

Politically motivated hacktivists have a history of focusing on election-related targets. It should be noted that these offensive efforts are often sporadic, tend to be amplified by foreign conflicts or controversial domestic issues, and typically have less impact than other attack vectors, often involving the temporary disruption of target websites.

However, the threat of Russian hacktivism will likely be intensified by a recent trend that the Quorum Cyber Threat Intelligence team has detected: the Russian government is likely combining its kinetic and cyber warfare capabilities to enhance its offensive efforts against Ukraine. This has recently crossed over into the hacktivism domain, with the Moscow state-sponsored cyber actor Seashell Blizzard masquerading as the ‘Cyber Army of Russia Reborn’ hacktivist group in what we have assessed to likely be a smoke screen for more sophisticated efforts against Kyiv and supporting NATO states in retaliation for ongoing support for Ukraine.

Palestinian Hacktivism

To align with Iran’s interests of retaliating against the US withdrawal from the Iranian nuclear accords as well as support for Israel throughout the ongoing Middle East conflict, pro-Palestinian hacktivists will likely target the US presidential election to disrupt the western democratic process. As with other collectives, the attack chains of pro-Palestinian hacktivists involve a combination of DDoS attacks as well as web defacement efforts and doxing. However, hack-and-leak operations tend to be emphasized more as a primary attack vector. Pro-Iran disruptive or hack-and-leak efforts previously targeted the 2020 US election, an incident that was linked to the Iranian cyber company Emennet Pasargad.

The Quorum Cyber Threat Intelligence team has recently detected two significant trends within the pro-Palestinian hacktivist threat landscape that could be relevant for the US presidential election. The first has involved the emergence of a “faketivist” phenomenon whereby Iranian nation-state sponsored cyber units have leveraged pro-Palestinian hacktivist personas as a front for more sophisticated state-level attacks. This initially manifested in November 2023 when the ‘CyberAv3ngers’ targeted Israeli-made equipment utilized by the US utilities sector. The second has involved Russian and pro-Palestinian threat actors collaborating in cyberspace, likely coinciding with strengthening geopolitical relations between Russia and Iran due to their ongoing economic and military cooperation, with both countries being heavily sanctioned by the democratic west. 

These attacks will likely be aggravated further following the US Secretary of State, Antony Blinken, announcing further sanctions against Iran on September 10th. These were imposed in response to Tehran sending Fath-360 short-range ballistic missile systems to Moscow that will likely be used against Ukraine as Russia continues its mission of gaining further territory in Eastern Europe. Although Russia has a range of ballistic missiles at its disposal, the supply of Iranian missiles will allow the Kremlin to prioritise more of its weapon store for targets further from the front line.

Taking these factors into account, the threat of hacktivists targeting the US presidential election will likely be heightened and will be further intensified by operations launched in retaliation to the following recent developments within US foreign affairs relating to the ongoing Middle East conflict:   

  • The US government has proscribed Hamas, Hezbollah, and other Middle East militant groups as terrorist organizations.
  • The US participated in the Operation Prosperity Guardian military coalition to protect Red Sea shipping from attacks by the Yemeni Houthi Rebel Faction.

TO BE CONTINUED

Craig Watt is a Threat Intelligence Consultant at Quorum Cyber specializing in strategic and geopolitical intelligence.

Image: Andrii Shyp
