Foreign operatives targeted the midterm elections with a variety of efforts that included pushing fake news stories in a bid to inflame Americans’ deep-seated political divisions, according to new research into nation-state hacking activities.
But the research from the firm Mandiant, which is owned by Google, found that the efforts by Chinese, Iranian and Russian-aligned operatives were limited in scope, sometimes sloppy and possibly designed to send a message that American’ adversaries will continue trying to tamper with U.S. democracy.
The findings also underscore that is has become much more difficult for nation-state hackers and digital spies to deploy influence operations that gain widespread traction like Moscow’s plan to undermine the 2016 U.S. presidential elections.
Nevertheless, the researchers said, the efforts remain alarming and require the continued vigilance of social media platforms and the public at large.
The Mandiant researchers noted that operatives employed well-worn tactics to exploit controversial issues “to widen existing political divisions within the country, or alternatively targeted specific contested election races, which are likely to receive the highest degree of attention.”
The interference operations had slightly different characteristics, too, depending on the state-aligned effort. A series of pro-Russian “hacktivist” groups, for instance, claimed multiple DDoS attacks on U.S. entities on Election Day.
EvenPolitics, a website Mandiant had previously found to be an operation that supports Iranian political interests, published election-related articles plagiarized from news outlets such as Business Insider, The Guardian, The Hill and Newsweek. And two ongoing pro-Chinese information operations — dubbed “Dragonbridge” and “HaiEnergy” — ran “articles” pushing certain election-related messages, the researchers reported.
Before the election, Mandiant researchers said a Chinese operation was “aggressively targeting the United States” across a variety of fronts. The activity marked a continued escalation from the 2020 U.S. elections, during which top U.S. intelligence officials assessed that Chinese leaders could have worked to influence the election but chose not to.
But other operations were cruder, the researchers noted, such as when a Dragonbridge effort repurposed an article targeting U.S. Sen. Ted Cruz, R-Texas, to attack Sen. Marco Rubio, R-Fla., swapping out only the name but not key biographical details.
The Russian operations highlighted Monday by the researchers had a distinct trollish vibe. One account with the now inaccessible “news” site “Newsroom for American and European Based Citizens” (NAEBC) posted a message after the election seemingly mocking the term “Russian Trolls.”
The day before the November election, Yevgeny Prigozhin, the Russian oligarch behind the Internet Research Agency troll farm infamous for election interference work, told reporters that Russia had and would continue to interfere in U.S. elections. Russian-backed news outlet RT wrote that Prigozhin was clearly trolling U.S. media, and the Mandiant researchers said Monday it was part and parcel of the general Russian-aligned approach to the midterms.
Overall, the various efforts did not appear to be “significant in terms of impact,” the researchers noted, although measuring impact in this context is “notoriously difficult.” But that doesn’t mean the operations are not worth understanding.
“In aggregate, such activity shows that U.S. elections not only continue to provide an attractive target for various state-aligned actors but are deemed to be within the acceptable risk threshold,” the researchers wrote. “Multiple information operations also involved flagrant activity seemingly intended to advance the narrative that foreign influence was occurring.”