Full Report
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence
Analysis Summary
# Threat Actor: Charming Kitten (and associated IRGC/GRU entities)
## Attribution & Identity
The article details coordinated interference efforts involving actors affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC) and Russia's Main Intelligence Directorate (GRU).
**Iranian Affiliation:**
* **Primary Actor Mentioned:** Charming Kitten (IRGC-affiliated hacking crew).
* **Sanctioned Entity:** Cognitive Design Production Center (CDPC), a subordinate organization of the IRGC, accused of planning influence operations.
**Russian Affiliation:**
* **Sanctioned Entity:** Center for Geopolitical Expertise (CGE), a Moscow-based affiliate of the GRU responsible for political interference and cyber warfare.
* **Key Individual:** Valery Mikhaylovich Korovin, a GRU officer alleged to be coordinating influence operations since at least 2024.
## Activity Summary
The actors engaged in extensive influence operations aimed at the 2024 U.S. presidential election, seeking to influence the outcome and amplify socio-political tensions.
* **Iranian Activity:** Orchestrating cyber operations to gain sensitive election-related information. Charming Kitten targeted individuals in Israel, Palestine, Iran, the U.K., and the U.S. via WhatsApp. Separately, three Iranian nationals were charged for targeting U.S. government personnel for data theft via spear-phishing and hack-and-leak operations.
* **Russian Activity (CGE/GRU):** Deploying disinformation campaigns utilizing generative AI to create synthetic content at scale. This involved propagating false narratives across a network of fake news websites.
## Tactics, Techniques & Procedures
- Targeted disinformation campaigns designed to incite socio-political tensions.
- Use of generative AI (deepfakes) to create synthetic content at scale.
- Spear-phishing campaigns targeting current and former government personnel (attributed to Iranian elements).
- Hack-and-leak operations (attributed to Iranian elements).
- Hosting infrastructure internally on a self-built server to evade foreign web-hosting service blocks.
- Building a vast ecosystem of proxy websites masquerading as legitimate news outlets.
## Targeting
- **Sectors:** Election processes, government personnel (current and former).
- **Geography:** United States (primary focus for election interference), Israel, Palestine, U.K., and Iran (specific to Charming Kitten's WhatsApp campaign).
- **Victims:** U.S. electorate, U.S. government personnel.
## Tools & Infrastructure
- **Malware families used:** Not explicitly detailed, but previous context links Charming Kitten to specific malware.
- **Infrastructure (C2, domains, IPs):**
  * A dedicated server built by CGE to host generative AI tools and content, avoiding external web-hosting services.
  * A network of at least 100 bogus websites used for disinformation distribution.
## Implications
These state-sponsored entities, acting on behalf of the IRGC and GRU, demonstrate a sophisticated and persistent threat to democratic integrity, leveraging cutting-edge technologies like Generative AI to weaponize disinformation at scale. The coordination between cyber espionage (data theft) and influence operations signifies a comprehensive Russian and Iranian strategy to undermine U.S. national security interests globally.
## Mitigations
- Enhanced monitoring for highly tailored spear-phishing attempts targeting government employees.
- Developing detection methods specifically targeting AI-generated synthetic content (deepfakes) across social media and news aggregation platforms.
- Scrutinizing traffic originating from domains flagged as likely state-sponsored proxy news outlets.
- Increased vigilance against influence operations attempting to polarize sociopolitical discourse, particularly around elections.