The US presidential elections have long been a focal point for global geopolitics, serving as a barometer for shifting international power dynamics. In 2024, however, the stakes are even higher, as the geopolitical landscape is marked by unprecedented volatility. The ongoing war in Ukraine, escalating conflict in the Middle East, and rising tensions with China over trade, technology, and regional influence are converging to create a perfect storm of instability. These geopolitical issues heighten the risk of cyber threats and Foreign Information Manipulation and Interference (FIMI) in the US election.

This blog explores how key players like Russia, China, Iran, and North Korea view the US elections, analyzing the impact on the cyber landscape and identifying the sectors most at risk from potential state-sponsored threats.

Key Insights

Our main takeaways and key findings in this article include:

• The convergence of geopolitical tensions and strategic elections creates an environment ripe for cyber threats and foreign interference.
• We expect Russia, China, Iran, and North Korea to engage in state-sponsored cyber activities aimed at gathering intelligence, spreading disinformation, and shaping US election outcomes to favor their strategic interests.
• Russia sees the 2024 US election as an opportunity to influence US foreign policy on Ukraine through cyber espionage and manipulation, with FIMI operations supporting pro-Trump and anti-Harris narratives to shift public opinion.
• China is deeply interested in the outcome of the US election, weighing the consequences of a Trump versus Harris administration, particularly on issues like export controls on cutting-edge technologies and Taiwan.
• For Iran, the 2024 US election is critical for the prospect of renegotiating a nuclear deal. As Kamala Harris offers more favorable negotiating possibilities, Tehran is actively trying to promote her over Trump through a combination of information and cyber operations. 
• North Korea views the 2024 election with interest, though skeptical of major changes in relations with the US. Pyongyang will likely continue advancing its nuclear program to strengthen its bargaining position with any future US administration.

Manipulating Narratives: How Russia Seeks to Shape US Election Outcomes and Ukraine Policy

Relations between Russia and the US have significantly deteriorated since Russia’s invasion of Ukraine in February 2022. The two countries are embroiled in sanctions and escalating rhetoric.

From Russia’s perspective, the 2024 US presidential election presents an opportunity to shift US foreign policy in a direction that benefits Russian interests. Donald Trump has expressed intentions to reduce military and financial support for Ukraine if re-elected, whereas Kamala Harris is expected to continue the Biden administration’s policies and maintain support for Ukraine.

In cyberspace, Russia is conducting influence operations to sway public opinion and election outcomes. Notably, the Doppelgänger, CopyCop, and Portal Kombat FIMI networks have demonstrated consistent efforts to manipulate narratives and influence election results in Europe throughout 2024. In the context of the US presidential election, we anticipate these networks to employ tactics like impersonating reputable media outlets, coordinated inauthentic behavior (CIB) on social media platforms, and utilizing artificial intelligence (AI) to disseminate pro-Trump and anti-Harris narratives. They will likely exploit existing societal divisions to reduce support for Ukraine and manipulate US public opinion.

Additionally, Russian state-sponsored APT groups, such as APT28 (aka Fancy Bear) and APT29 (aka Cozy Bear), are likely to engage in cyber espionage to gather intelligence on potential policy shifts and identify actors favorable to Russia. These groups have a documented history of involvement in the 2016 US election and attempts to influence other Western elections. Likely targets include government entities, think tanks, civil society organizations, researchers, journalists, political figures, and political parties.

Technological Self-Reliance and Taiwan: Core to China’s Calculus in the 2024 US Election

US-China relations are characterized by intense economic competition and strategic rivalry in the Indo-Pacific region. The Biden administration has enacted legislations and measures to restrict China’s access to critical, cutting-edge technologies, complicating China’s long-term goals of achieving economic supremacy and technological self-reliance—both crucial for sustaining economic growth, a cornerstone of the Chinese Communist Party’s legitimacy. Additionally, Taiwan remains a significant point of contention. China views Taiwan as a breakaway province that must be reunified with the mainland, by force if necessary. The US follows a policy of strategic ambiguity but has increased support for Taiwan through arms sales and high-level visits, further heightening tensions.

China sees the 2024 US presidential election as important but does not appear to favor any specific candidate who might support Chinese interests. The Trump administration imposed broad tariffs on Chinese goods and intensified conflicts over trade and technology. The Biden administration has continued with targeted export controls on advanced semiconductors, AI, and quantum technologies, while also reinforcing alliances in the Indo-Pacific. China is likely weighing its least unfavorable option: either facing potentially unpredictable policies but reduced support for Taiwan under Trump, or dealing with the Harris-Walz ticket, which may maintain strict export controls but provide more stable engagement and communication. Tim Walz’s longstanding relationship with China could facilitate dialogue despite ongoing tensions.

In this context, Chinese state-sponsored threat actors are expected to continue conducting economic espionage to steal intellectual property and confidential business information related to advanced technological projects. APT groups such as APT10, APT41, and APT27 are likely to target companies and research institutions involved in semiconductor development, as well as AI and quantum technologies. Chinese cyber actors are also expected to carry out espionage operations to gather intelligence before and after the November election to anticipate future US policies toward China. Additionally, China has engaged in information operations targeting the US electoral environment. While the objectives of these campaigns remain unclear, they often exploit existing controversies and societal divisions. They possibly aim to gauge US public opinion on strategic issues, sow discord, and erode trust in US institutions. These CIB operations do not explicitly support any specific candidate or appear to directly influence the election outcome.

Iran’s Election Gamble: Influence, Espionage, and the Quest for a New Nuclear Deal

US-Iran relations have been strained since the Islamic Revolution in 1979 and the subsequent hostage crisis. A brief improvement occurred during the Obama administration with the signing of the 2015 nuclear deal, but relations worsened after the Trump administration withdrew from the agreement and imposed new sanctions. Recent crises in the Middle East have further heightened tensions.

For Iran, the 2024 US presidential election is crucial. Tehran aims to secure a new nuclear deal to lift sanctions crippling its economy and exacerbating internal discontent with the regime. Such a deal is unlikely under a renewed Trump administration, whereas Kamala Harris might offer a more favorable environment for negotiations.

Iran is engaging in Foreign Influence and Interference (FIMI) operations to influence the election outcome by spreading anti-Trump and pro-Harris narratives. Iranian threat actors are also attempting to destabilize the US internally by sowing discord, inciting social discontent. Notably, US federal agencies reported that an Iranian threat actor breached the Trump campaign and offered access to the Democrats. This operation demonstrates Iran’s strong intent to influence the election with little restraint or fear of exposure. Microsoft first reported the incident as well as several similar operations. We anticipate that Iranian state-sponsored threat actors, such as APT35 (aka Charming Kitten, Mint Sandstorm), APT33 (aka Peach Sandstorm), and MuddyWater, will engage in cyber espionage targeting government institutions, think tanks, political figures, and parties to collect intelligence surrounding the ongoing electoral race.

Kim Jong Un’s Playbook: Strengthening North Korea’s Nuclear Leverage Ahead of the US Election

The Democratic People’s Republic of Korea (DPRK) and the US have historically had poor relations, with opposition to the US ingrained in the North Korean regime’s foundations. Recent clashes focus on North Korea’s nuclear ambitions and its military support for Russia in the Ukraine conflict, including providing missiles to Russia.

The DPRK views the US electoral race with cautious interest. The election’s outcome could impact potential negotiations regarding its nuclear program. However, the regime is unlikely to abandon its nuclear ambitions, especially after enshrining its nuclear power status in the constitution in September 2023. North Korea may seek to accelerate the modernization and growth of its nuclear capabilities to maximize leverage with any new US administration. Given the failure of talks initiated by the Trump presidency, the regime remains skeptical about significant changes in US-DPRK relations.

In this context, North Korea is likely to engage in cyber espionage to gather intelligence about the US election. It may also intensify efforts in cyber industrial espionage to advance its military and nuclear programs. Threat actors such as APT38 (aka Lazarus), APT37, and APT43 (aka Kimsuky) are expected to target defense, aerospace, nuclear, and engineering companies to gain sensitive data aligned with DPRK’s interests.