With more than 2 billion voters ready to cast a vote this year across 60 plus nations -including the U.S., U.K. and India - Russian state hackers are posing the biggest cyber threat to election security, researchers said. Google-owned Mandiant in a detailed report stated with “high confidence” that Russian state-sponsored cyber threat activity poses the greatest risk to elections in regions with Russian interest.

“Multiple Russian groups have targeted past elections in the U.S., France, and Ukraine, and these groups have continued to demonstrate the capability and intent to target elections both directly and indirectly,” Mandiant said.

Why Russia is the Biggest Cyber Threat to Election Security

Russia's approach to election interference is multifaceted, blending cyber intrusion activities with information operations aimed at influencing public perceptions and sowing discord. State-sponsored cyber threat actors, such as APT44, better known as the cyber sabotage unit Sandworm, and APT28 have a history of targeting elections in the U.S., and Europe. These actors employ hybrid operations, combining cyber espionage with hack-and-leak tactics to achieve their objectives. The 2016 U.S. presidential election is a prime example of Russia's cyber interference capabilities, as per Mandiant. APT28, linked to Russia intelligence unit - the GRU, compromised Democratic Party organizations and orchestrated a leak campaign to influence the election's outcome. Similarly, in Ukraine, APT44 conducted disruptive cyber operations during the 2014 presidential election, aiming to undermine trust in the electoral process. Jamie Collier, Mandiant senior threat intelligence advisor said, “One group to watch out for is UNC5101 that has conducted notable hybrid operations in the past.” Mandiant reports UNC5101 engaging in cyber espionage against political targets across Europe, Palestinian Territories, and the U.S. The actor has also used spoofed Ukrainian government domains to spread false narratives directly to government employees' inboxes. Before Russia's 2023 and 2024 elections, UNC5101 registered domains related to opposition figures like Alexei Navalny and conducted likely information operations to deceive voters. Russian state-aligned cyber threat actors target election-related infrastructure for various reasons including applying pressure on foreign governments, amplifying issues aligned with Russia's national interests, and retaliating against perceived adversaries. Groups like APT28 and UNC4057 conduct cyber espionage and information operations to achieve these objectives, Mandiant said.

Beijing’s Interest in Information Operations

Collier noted that state threats to elections are far more than just a Russia problem.

“For instance, we have seen pro-China information operations campaigns carry out election-related activity in the US, Taiwan, and Hong Kong,” Collier said.

China's approach to election cybersecurity focuses on intelligence collection and influence operations that promote narratives favorable to the Chinese Communist Party (CCP). State-sponsored actors like TEMP.Hex have targeted elections in Taiwan, using cyberespionage to gather critical information and using information operations to shape public discourse, Mandiant’s analysis found. In the lead-up to Taiwan's 2024 presidential election, Chinese threat actors intensified cyber espionage activities, targeting government, technology, and media organizations. Concurrently, pro-PRC information operations sought to discredit candidates perceived as unfriendly to China, using fabricated leaks and disinformation campaigns to sway public opinion, which even the Taiwanese government confirmed.

Watch-Out for Iran’s Espionage and Influence Campaigns

Iranian state hackers are another group of threat actors to keep an eye on for their cyber espionage and influence campaigns, Mandiant noted.

“[Irans’s] campaigns will rise as elections approach in key nations of interest to the Islamic Republic, such as counterparts in the currently stalled nuclear negotiations, and countries offering support to Israel during current fighting in Gaza,” Mandiant said.

During the 2020 U.S. presidential election, Iran attempted to compromise state voter registration websites and disseminate false information. The U.S. Department of Justice charged two Iranian nationals in 2021 for their involvement in this campaign. Pro-Iranian influence campaigns, including Liberty Front Press and Roaming Mayfly, target global audiences with anti-U.S. and anti-Israeli propaganda, amplifying partisan divisions and fostering distrust in democracies, Mandiant said.

Diverse Targets Multiple Vectors

Securing elections requires protecting not only voting machines and voter registries but also a wide range of entities involved in the electoral process. Political parties, news media, and social media platforms are frequent targets of cyber operations, which also comes under the attack surface of elections. [caption id="attachment_65433" align="aligncenter" width="551"] Credit: Mandiant[/caption] Cyber threat actors are increasingly employing hybrid operations, combining multiple tactics to amplify their impact. Examples from past elections, such as the Ukrainian presidential election in 2014, illustrate how they are using a combination of cyber intrusions, data leaks, and DDoS attacks to disrupt electoral processes. Owing to this Mandiant detailed likely threat vectors that could be used in the upcoming election season: [caption id="attachment_65432" align="aligncenter" width="819"] Credit: Mandiant[/caption] The threats posed by Russian, Chinese, and Iranian state actors to election cybersecurity are complex and multifaceted. By understanding the tactics and objectives of these actors, election organizations can develop effective mitigation strategies to safeguard democratic processes. However, addressing these threats requires a concerted effort involving international cooperation and a commitment to upholding the integrity of democratic elections worldwide. In-line with this, the U.S. agencies recently released guidance to defending the integrity of democratic processes. The guidance extensively details common tactics seen in foreign malign influence operations, offering real-world instances and suggesting possible countermeasures for stakeholders in election infrastructure. Though many of these tactics aren't new, the widespread use of generative artificial intelligence (AI) has notably amplified adversaries' ability to produce and spread persuasive malicious content, the guidance said. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

India is currently hosting its general elections, spanning from April 19 to June 1, 2024, across seven phases to elect 543 members to the Lok Sabha, the lower house of India’s Parliament. Amidst this pivotal democratic India elections 2024, the integrity of the electoral process is under threat from a spectrum of cybersecurity challenges. These threats range from international cyberattacks targeting the election's infrastructure to domestic insiders undermining the system. As the world's largest democracy conducts its elections, the occurrence and sophistication of these cyber threats have intensified. The election battleground is also witnessing an unprecedented use of AI-generated content and deepfakes by political entities and foreign agents, heightening tensions and manipulating public perception. This article delves into the complex cybersecurity landscape of the elections in India, examining the impact of technological exploitation, foreign interference, and internal political strife on the nation's democratic foundations.

India Elections 2024: Experts Warns a 'Year of Deception'

The ongoing elections in India are proving to be exceptionally challenging, with cybersecurity experts predicting a tumultuous voting session. The integrity of the voting process is deeply compromised by the widespread use of deepfakes and the dissemination of false information generated by artificial intelligence. While India is using its own set of cybersecurity measures to combat AI-generated misinformation, Meta recently created a dedicated fact-checking helpline on WhatsApp in collaboration with the Misinformation Combat Alliance (MCA). This initiative aims to empower users to identify and flag deepfakes, offering support in multiple languages, including English, Hindi, Tamil, and Telugu.  Industry leaders in cybersecurity, such as IBM and McAfee, are highlighting the significant challenges that India is expected to face in the ongoing elections in India. The rapid advancement of AI technology provides cybercriminals with powerful tools like deepfakes, voice cloning, and advanced malware, increasing the complexity of threats to the electoral process. The potency of artificial intelligence (AI) in the hands of cybercriminals was highlighted by Pratim Mukherjee, senior director of engineering at McAfee, who also emphasizes the urgent need for proactive cybersecurity solutions to reduce the risks posed by developing threats. Additionally, amid one of the most contentious election seasons in India, Kerala Legislative Assembly Leader of the Opposition VD Satheesan has called for the dismissal of cases about a deepfake video that purports to be directed at CPM leader KK Shailaja. Implying a link between CPM and BJP in the state, he charges CPM leaders of disseminating false information and attacks the government's management of police operations during the annual Hindu temple festival Thrissur Pooram. Thrissur Pooram is an annual Hindu festival held in Kerala, India. It's one of the largest and most colorful temple festivals in India, attracting large crowds and significant media attention.

India Elections 2024: Foreign Interference and Insider Threats

Foreign interference poses another set of threats to the integrity of the Indian electoral process. Chinese hackers, in particular, have been identified as potential adversaries seeking to manipulate public opinion and influence election outcomes.  According to a report by Microsoft, Chinese hackers and influence operatives, along with North Korean agents, may seek to interfere with the electoral process in India and other high-profile elections globally. The use of AI-generated content to sway public opinion is another large risk faced by Indian cybersecurity, however, this is not the only thing that is eroding the integrity of the 2024 general India election.  The 2024 Indian election is facing another threat from domestic political rivalries, with allegations of cyberattacks and misinformation campaigns emerging from within India. The Vadakara Lok Sabha constituency exemplifies this phenomenon, with both the CPI(M) and the Congress accusing each other of launching vicious cyberattacks. The CPI(M), or Communist Party of India (Marxist), and the Congress are major political entities in India. The escalation of these allegations to the Election Commission complicates the decision-making of the general public as misinformation influences the choices made by voters. Previously, in a similar vein, the attempted hack on the website of the Ram Mandir during the Pran Pratishtha ceremony is another reminder of the cybersecurity challenges faced by India's cultural and religious institutions while conducting the upcoming elections. The Ram Mandir refers to a new temple being constructed in Ayodhya, a site of historical and religious significance, and a focal point of long-standing and sometimes contentious political and religious debates in India.

The Cyberattack on Indian Culture: What to Expect and How to Protect?

These incidents highlight the vulnerability of e-platforms to cyberattacks, raising concerns about the broader implications for cybersecurity in the country. As India's cultural and religious heritage intersects with the ongoing 2024 India elections, the need for better cybersecurity measures cannot be ignored.  To strengthen cybersecurity defenses, proactive steps and group efforts are essential as India battles the threat of cyberattacks on several fronts. To reduce the risks associated with foreign meddling and AI-generated disinformation, cooperation between government agencies, cybersecurity professionals, and tech businesses is vital. Campaigns for public awareness can be quite effective in informing the public about the risks posed by false information and the value of being vigilant in the digital era. The cybersecurity measures in the 2024 Indian elections are set to capture global attention, as the threat of cyberattacks is significant. Protecting the integrity of the electoral process will demand a unified effort from all involved parties. Through the strategic use of technology and collaborative initiatives, India aims to confront cybersecurity challenges and maintain democratic integrity. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.