Iranian cyber actors were “almost certainly” behind a number of websites and social media accounts which contained death threats against senior officials in charge of securing and managing the 2020 election, two US security agencies have announced.
In a joint statement published on 23 December, the FBI and the Cybersecurity and Infrastructure Security Agency (Cisa) said they were in possession of “highly credible information” indicating Iran was responsible for the operation.
The operation “demonstrates an ongoing Iranian intent to create divisions and mistrust in the United States and undermine public confidence in the US electoral process”, it added.
The websites and social media accounts, called “Enemies of the People” and “Enemies of the Nation”, were created in early December and included the names, photos, contact details and home addresses of 38 US federal, state and local officials, as well as private citizens employed by Dominion – which sells electronic voting software and hardware.
Rifle crosshairs were imposed on the images of the individuals listed on the websites.
President Trump, his legal team and a number of his allies have made allegations in recent weeks about widespread electronic voting fraud in several swing states involving Dominion.
But federal courts have dismissed lawsuits which referred to those claims.
“The following individuals have aided and abetted the fraudulent election against Trump,” read a note on the domains.
“Changing votes and working against the president is treason and patriotic Americans should never forget those who helped overthrow our democracy,” it added.
The agencies also identified four email addresses linked to the websites which had sent “threatening emails” to the officials.
The operation’s social accounts on Facebook, Twitter, Parler, V-Kontakte, Pinterest and Gab spread the domains and called on President Trump’s supporters to add details of more individuals who “betrayed our country and democratic ideals”.
FBI chief Christopher Wray, former Cisa head Chris Krebs – who was fired last month by Mr Trump for contradicting his claims of voter fraud – Michigan Governor Gretchen Whitmer, Georgia Secretary of State Brad Raffensperger and the state’s voting systems implementation manager Gabriel Sterling were among the officials whose details appeared on the domains.
Earlier this month, Mr Sterling rebuked his fellow Republicans, including the president, for allegations of fraud in the state after a number of election workers were subjected to intimidation and death threats.
All the domains associated with the operation, and their archived versions, have now been taken down.
The majority of the social media accounts have also been removed. But accounts on VK and Parler are still up, although the Parler account has been set to private.
However, emails associated with the domain registrars used the global-oriented “yandex.com” instead of the Russian language “yandex.ru”.
“This may be circumstantial, or it could support the theory that the activity in question attempts to look like Russian-based actions but lack of language skills prompted the use of the com site instead of the Russian-language ru,” Mr Slowik added in a later update.
The is the second time US officials have linked Iran to attempts to interfere in this year’s elections.
The emails appeared to come from the Proud Boys, a far-right pro-Trump group, and were meant to “incite unrest”, National Intelligence Director John Ratcliffe said.
Iran denied any involvement in those emails, and has not so far commented on the FBI statement.
And Twitter removed nearly 130 accounts linked to Iran that attempted to “disrupt the public conversation” during the first presidential debate.
Some of the accounts tweeted in favour of Mr Trump, while others were supportive of Joe Biden.