Latest Developments
OpenAI announced on August 16 that it deactivated several ChatGPT accounts engaged in a covert Iranian influence operation. The artificial intelligence (AI) company said that it “identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as Storm-2035,” adding that “this operation used ChatGPT for two purposes: to generate long-form articles and shorter social media comments.” The content focused on topics including the war in Gaza, Israel’s presence at the Paris Olympic Games, and the 2024 U.S. presidential election. OpenAI noted that the accounts generated English and Spanish language material and “interspersed their political content with comments about fashion and beauty, possibly to appear more authentic or in an attempt to build a following.” However, the AI-generated content did not achieve “meaningful audience engagement,” OpenAI said.
Expert Analysis
“We can safely assume that nearly every foreign influence operation targeting the U.S. will employ AI, be it from a state actor like Iran or from non-state actors like Iran’s proxy terrorist groups. AI allows adversaries to create content at higher speed and scale and helps non-native English speakers overcome language barriers. While AI arguably enables a higher quantity of influence operations, it does not necessarily improve the quality of these operations. The OpenAI report demonstrates this by clarifying that recent Iranian operations using ChatGPT have not achieved significant engagement.” — Max Lesser, FDD Senior Analyst on Emerging Threats, Center on Cyber and Technology Innovation
“Leveraging generative AI tooling is an obvious choice for any threat actor conducting influence operations today. As AI models develop, the ability to create specific, niche content at scale for targeted audiences will become increasingly feasible. However, AI-generated content is no replacement for developed infrastructure, as AI-generated networks have consistently had issues gaining traction with authentic users online. Cooperation between online platforms and generative AI firms will be increasingly critical to identifying the malign use of generative AI in influence operations.” — Ari Ben Am, Adjunct Fellow, Center on Cyber and Technology Innovation
Storm-2035
Microsoft released a report on August 9 highlighting Iranian attempts to influence American voters through fake websites, phishing campaigns, and other online techniques. The report, prepared by the Microsoft Threat Analysis Center, cited four examples of recent Iranian cyber-activity targeting U.S. voters, including one case involving Storm-2035 — the same network whose ChatGPT accounts OpenAI deactivated. Microsoft observed that Storm-2035 continues to operate “four websites masquerading as news sites” that are “actively engaging US voter groups on opposing ends of the political spectrum with polarizing messaging on issues such as the US presidential candidates, LGBTQ rights, and the Israel-Hamas conflict.” Microsoft researchers discovered “evidence indicating the sites are using Artificial Intelligence (AI)-enabled services to plagiarize at least some of their content from US publications,” frequently deploying search engine optimization tools and content generated by AI to drive traffic.
Iranian Hackers Target U.S. Presidential Campaigns
A group associated with Iran’s Islamic Revolutionary Guard Corps (IRGC) known as APT42 targeted the personal email accounts of roughly a dozen individuals affiliated with Joe Biden and Donald Trump’s presidential campaigns in May and June, including current and former government officials. On August 10, Trump’s election campaign said that some of its internal communications had been hacked. Politico and other news organizations received anonymous emails containing internal Trump campaign documents. The FBI said on August 12 that it had opened an investigation into efforts to hack the Trump, Biden, and — after Biden withdrew from the race — Harris campaigns. Trump himself told reporters on August 14 that the FBI had informed him that Iran was behind the leak.
On August 19, Politico reported that Iranian hackers have been targeting the inboxes of senior Trump administration officials since 2021. Trump’s former national security advisor John Bolton confirmed that “over time, yes, the Iranians have tried to hack into my computer system and my various business computer systems and political operations,” noting that “access to somebody’s schedule could be very, very helpful to the Iranians” if they are plotting to assassinate U.S. officials.
“Google Report Exposes Iranian Hacker Attacks on Israeli and U.S. Targets,” FDD Flash Brief
“Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election,” FDD Flash Brief
“Iran has upped its cyberattacks: It’s time for Biden to strike back,” by Annie Fixler and RADM (Ret.) Mark Montgomery
Subscribe to FDD Flash Briefs