Microsoft uncovers details of Russian operations to undermine U.S. elections

By Samir Muradov

On September 18, Brad Smith, Vice Chair and President of Microsoft Corporation , testified before the U.S. Senate Intelligence Committee in a hearing titled Foreign Threats to Elections in 2024 – Roles and Responsibilities of U.S. Tech Providers. His testimony shed light on the escalating attempts by Russian actors to influence the U.S. electoral process and disrupt democratic institutions globally, including the upcoming Moldovan elections and the EU referendum.

Russia’s disinformation campaigns

Russian threat actors, notably active in previous U.S. election cycles, continue to exploit digital platforms, using sophisticated disinformation tactics. Microsoft has tracked multiple operations involving fake videos designed to sow division among voters. A prime example is Storm-1516, a Russia-affiliated group responsible for several staged videos. One of their operations in May 2024 involved the dissemination of a fake video showing Ukrainian soldiers burning an effigy of former President Trump. The video, despite its fabricated nature, gained millions of impressions and was mistakenly reported as legitimate by some international media outlets.

As the U.S. presidential race heated up, Storm-1516 shifted its focus. After Vice President Kamala Harris entered the race, a series of staged videos targeting her began circulating. One such video, released in August, falsely depicted Harris supporters attacking a supposed Trump supporter. This fake content garnered over five million impressions. Another video falsely implicated Harris in a hit-and-run incident, which quickly accumulated two million views in just one week.

These campaigns demonstrate how Russian disinformation actors have adapted their strategies, using edited videos to create divisive narratives, gaining significant traction among U.S. and international audiences.

Cyberattacks targeting election infrastructure

In addition to disinformation campaigns, Russian cyber proxies continue to pose a direct threat to U.S. electoral infrastructure. During the 2022 midterm elections, several cyber proxies, including RaHDit, which was recently revealed by the U.S. State Department as a Russian intelligence operation, launched attacks on U.S. election websites. These rudimentary cyberattacks aim to spread fear and cast doubt on the security of election systems. As Election Day 2024 approaches, experts warn that these attacks could escalate, targeting both voters and government security on social media platforms.

Microsoft is tracking nearly a dozen Russian cyber proxies, including Volga Flood (also known as Rybar). This actor has evolved from a military blogger covering the Ukraine conflict to a full-fledged media enterprise with teams focused on analytics, geospatial mapping, video production, and disinformation campaigns. Volga Flood operates covertly under various social media brands, using deceptive content to stoke tensions around issues like immigration at the U.S.-Mexico border and, more recently, the Harris-Walz campaign.

Russian influence beyond U.S. elections

Russian interference is not limited to the U.S. As the 2024 Moldovan presidential election and EU referendum approach, Kremlin-backed actors are intensifying their efforts to destabilize democratic institutions. In Moldova, Microsoft has observed pro-Kremlin cyber activity aimed at promoting Moscow’s strategic goals by undermining pro-EU sentiment and supporting political forces aligned with Russian interests. These activities include electoral interference, cyber-enabled influence operations, and sabotage.

Notably, Microsoft is collaborating with the Moldovan government to protect the integrity of their elections, helping identify and mitigate Russian cyber threats. This cooperation underscores the global scale of Russian disinformation operations and the need for international collaboration to counter these efforts.

Evolving Russian cyber strategies

Two additional Russian actors, Ruza Flood and Storm-1679, have largely focused on European audiences but are now shifting attention to U.S. elections. Ruza Flood is well-known for its projects like the “Good Old USA Project,” which aims to influence American voters through social media influencers and disinformation campaigns. Storm-1679, originally focused on malign influence during the 2024 Paris Olympic Games, has turned its sights on the U.S. presidential election, producing videos that masquerade as credible news reports and spread conspiracy theories targeting Vice President Harris.

Microsoft’s continued tracking of these influence actors reveals the vast resources and coordination behind Russian disinformation efforts. In particular, Volga Flood is reported to be led by EU-sanctioned Russian national Mikhail Zvinchuk, highlighting the involvement of high-level actors in the Kremlin’s information warfare strategy.

As the U.S. heads toward its 2024 presidential election, foreign interference from Russia remains a critical concern. With millions of impressions garnered from fake videos and a growing arsenal of cyber proxies, Russian actors like Storm-1516, Volga Flood, and others are working to undermine democratic processes. Beyond the U.S., Russia’s influence operations are extending to critical elections in Moldova and Europe, further complicating the global security landscape.

The collaborative efforts between Microsoft and government agencies, both in the U.S. and abroad, highlight the importance of vigilance and cooperation in the face of evolving cyber threats. As Russia continues to exploit technology to wage information warfare, defending democratic institutions will require an unwavering commitment to identifying and countering disinformation at every level.

News.Az