Federal officials claim that Iranian threat actors are behind two separate email campaigns that assailed Democratic voters this week with threats to “vote for Trump or else.” The campaigns claimed to be from violent extremist group Proud Boys.
Two specific email campaigns — one on Tuesday Oct. 20 and one on Wednesday, Oct. 21 — threatened Democratic voters in Alaska, Arizona and Florida that attackers accessed “all of your information.” They warned that there would be dire repercussions if voters didn’t cast their ballot for President Trump in the upcoming election, according to a Wednesday Proofpoint report. The research came on the heels of a report from WUFT in Florida that the FBI was investigating threatening emails sent to Democratic voters in the state.
The emails of both campaigns were sent from addresses linked to the far-right, male-only group Proud Boys — “Proud Boys <info[@]officialproudboys[.]com>” on Oct. 20 messages and “Proud Boys <info[@]proudboysusa[.]com>” on Oct. 21 messages. However, federal officials claimed in a press conference late Wednesday that Iran had obtained some voter registration information and was actually behind the attack.
“We have already seen Iran sending spoofed emails designed to intimidate voters, incite voters and damage President Trump,” Director of National Intelligence John Ratcliffe said in the briefing.
Iran also is distributing other content to mislead voters, including a video that implies that individuals can cast fraudulent ballots, even from overseas, Ratcliffe said. “These videos are not true,” he said, calling the actions of Iran to interfere with the election “desperate attempts by desperate adversaries.”
Of note, Reuters has reported that governments sources say, while U.S. officials suspect the Iranian government was involved, concrete evidence remains inconclusive. Meanwhile, others in the security research community told ZDNet that they could not confirm the attribution to Iran.
Proud Boys Content
The video in question is a Proud Boys-branded video demonstrating a Kali Linux user filling out voter registration and absentee ballots for Alaskan citizens, according to the report from Proofpoint, whose researchers obtained a copy.
“We only observed two intended recipients of these messages, both of whom appear to reside in Florida,” wrote researchers. The video appeared to be taken off the Internet not long after researchers viewed it, they said.
The emails observed by Proofpoint demonstrates that attackers did obtain sensitive personal information of voters and also shows those behind the threats changing up their tactics to avoid detection.
Messages in the Oct. 20 campaign — which Proofpoint separated into two sets — show that the threat actors have the home addresses of some of their victims. Researchers traced messages in set one to a PHPmailer script hosted on a likely compromised Saudi Arabian insurance company website, while set two was routed through the website of an Estonian textbook publisher, as previously reported by Vice.
The email attacks and attempts to spread misinformation are a departure from recent and more typical tactics used by threat actors to interfere in the U.S. elections, such as impersonation of the Democratic National Committee and various fraudulent voter registration portals, researchers said.
“Previous activity used political themes to entice users to click on links or open attachments but did not appear especially politically motivated,” they wrote in the report.
Indeed, this election season has seen a ramp up and variation in methods by state-sponsored actors to interfere with the 2020 U.S. Elections, which has been complicated by the COVID-19 pandemic.
This election will see many more voters choose to vote by mail, increasing the load of votes the postal system will handle. People also have opted to vote early to avoid long lines on election day, a scenario that could invite attacks on voting machines. These various scenarios provide a wider playing field for attackers to target in the run-up to the official election day on Nov. 3, experts observed.