Iranian Hacker Group Cotton Sandstorm Integrating AI into Cyber Influence Operations

Cotton Sandstorm, an Iranian hacking group affiliated with Iran's Islamic Revolutionary Guard Corps, has been actively conducting reconnaissance and limited probing of multiple election-related websites in several unnamed US battleground states as the 2024 presidential election approaches. In May 2024, the group also scanned vulnerabilities in an unidentified US news outlet. Microsoft researchers warn that the group will likely increase its activity as Election Day nears, given its operational tempo and history of election interference. This is the same group that previously interfered in the 2020 US presidential election by posing as the far-right 'Proud Boys' and sending threatening emails to Florida voters, as well as releasing fake videos purporting to show election system vulnerabilities. The group has also been observed using generative AI tools including voice changers, image generators, and AI photo enhancers for their operations. US and Israeli agencies report that Cotton Sandstorm has been operating under the cover company name Aria Sepehr Ayandehsazan (ASA) since mid-2024 and has expanded its targeting beyond just the US to include France, Sweden, and the 2024 Paris Olympics. Iran's mission to the United Nations has denied these allegations, stating that Iran has no motive or intent to interfere in US elections.