Full Report
The 2024 elections were a high-water mark for naming and shaming threat actors from foreign governments. There’s still work to be done, though, on how to attribute disinformation campaigns most effectively.
Analysis Summary
# Threat Actor: Russian, Chinese, and Iranian State-Linked Actors
## Attribution & Identity
The article focuses generally on threat actors associated with **Russia, China, and Iran** engaging in foreign influence operations, particularly in the context of US elections. No specific named threat groups or APTs are detailed, only the sponsoring nation-states.
## Activity Summary
The primary activity summarized is **foreign malign influence operations** aimed at impacting US elections.
* During the 2024 US elections, the US government publicly attributed influence efforts to these nations with unprecedented speed and certainty.
* This contrasts with the lead-up to the 2016 election, when attribution of Russian activities was much slower (it took four months to attribute the DNC hack).
* In 2016, Russia engaged in **hack-and-leak campaigns** and **strategic disinformation**.
* Tech giants like Microsoft collaborated with the government to publish information regarding these election-related disinformation campaigns.
## Tactics, Techniques & Procedures
The article highlights the following broad TTP areas:
- Strategic disinformation
- Hack-and-leak campaigns (specifically mentioned in reference to 2016 Russian activity)
- Digital probing (mentioned as a precursor to the 2016 awareness gap)
*(No specific MITRE ATT&CK IDs are mentioned in the provided text.)*
## Targeting
- Sectors: Political discourse/Elections (specifically US general elections)
- Geography: United States
- Victims: General public discourse; specific mention of the Democratic National Committee (DNC) being a victim in the 2016 period.
## Tools & Infrastructure
- Malware families used: Not specified.
- Infrastructure (C2, domains, IPs): Not specified.
## Implications
The main implication discussed is the **increased effectiveness and speed of US attribution** in 2024 compared to previous election cycles (such as 2016 and 2020). Researchers caution that there is a risk of "overcorrection," suggesting the need to carefully evaluate the policy and impact of rapid attribution. The overall threat level remains high, marked by persistent state-sponsored influence campaigns.
## Mitigations
- Collaboration between government agencies (intelligence community, law enforcement) and private sector entities (e.g., Microsoft) to identify and publicly disclose influence activity.
- Developing effective policies for the timing and method of official attribution.