U.S. authorities have identified ongoing attempts by Iranian cyber actors to disrupt the electoral process through hacking, disinformation, and website interference.

Who is behind the attack?

The activity is attributed to Iranian advanced persistent threat (APT) actors—groups known for state-aligned, long-term cyber operations targeting U.S. infrastructure and institutions.

What is the goal of the attackers?

Their primary aim is to influence voter perception, create confusion, and undermine public trust in the legitimacy and security of the U.S. electoral system.

How was the attack carried out?

Attackers exploited software flaws, sent deceptive phishing emails, manipulated public websites, and spread false stories via spoofed news outlets and social media.

Were specific people or systems targeted?

Yes, election-related infrastructure, public-facing websites, media content systems, and voter data were all targeted or exploited in this campaign.

Why are election systems attractive targets?

Elections are central to democracy, and undermining them can erode public confidence, polarize citizens, and serve foreign geopolitical interests.

What can organizations do to protect themselves?

Regularly update systems, train staff to recognize phishing, monitor for suspicious activity, and verify the integrity of public-facing information.

Is this a widespread issue or a targeted one?

While targeted, the techniques used (like phishing and disinformation) can have wide-reaching effects, impacting public perception nationally—even beyond the systems directly attacked.

Threats Feed|Unknown|Last Updated 19/06/2025|AuthorCertfa Radar|Publish Date22/10/2020

Cyber Threats from Iranian APT Actors to U.S. Electoral Integrity

Actor Motivations: Disinformation,Sabotage
Attack Vectors: DDoS,Cross-Site Scripting,Defacement,SQL injection,Vulnerability Exploitation
Attack Complexity: Medium
Threat Risk: High Impact/High Probability

Threat Overview

Iranian APTs are suspected of attempting to disrupt the U.S. electoral process to undermine public confidence and create discord among voters. These activities have included the creation of fictitious and spoofed media sites to distribute misinformation about voter issues, utilizing voter-registration data, and spreading anti-American sentiments. The APT groups have exploited critical vulnerabilities such as CVE-2020-5902 and CVE-2017-9248, impacting VPNs and content management systems, to conduct distributed denial-of-service (DDoS) attacks, SQL injection attacks, spear-phishing campaigns, website defacements, and disinformation campaigns.

Reference and Credit: CISA - October 2020

Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems

Detected Targets

Type	Description	Confidence
Sector	Government Agencies and Services	Verified
Region	United States	Verified

Exploited Vulnerabilities

NIST NVD: CVE-2017-9248

NIST NVD: CVE-2020-5902

FAQs

Iranian Cyber Threats to U.S. Election Systems

: U.S. authorities have identified ongoing attempts by Iranian cyber actors to disrupt the electoral process through hacking, disinformation, and website interference.
: The activity is attributed to Iranian advanced persistent threat (APT) actors—groups known for state-aligned, long-term cyber operations targeting U.S. infrastructure and institutions.
: Their primary aim is to influence voter perception, create confusion, and undermine public trust in the legitimacy and security of the U.S. electoral system.
: Attackers exploited software flaws, sent deceptive phishing emails, manipulated public websites, and spread false stories via spoofed news outlets and social media.
: Yes, election-related infrastructure, public-facing websites, media content systems, and voter data were all targeted or exploited in this campaign.
: Elections are central to democracy, and undermining them can erode public confidence, polarize citizens, and serve foreign geopolitical interests.
: Regularly update systems, train staff to recognize phishing, monitor for suspicious activity, and verify the integrity of public-facing information.
: While targeted, the techniques used (like phishing and disinformation) can have wide-reaching effects, impacting public perception nationally—even beyond the systems directly attacked.

About Affiliation

Unknown

Associate threats