Just So You Know: Foreign Threat Actors Likely to Use a Variety of Tactics to Develop and Spread
Disinformation During 2024 U.S. General Election Cycle
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security
Agency (CISA) are issuing this announcement to raise awareness of the efforts posed by
foreign threat actors to spread disinformation in the lead up to, and likely in the days following, the
2024 U.S. general election. Foreign threat actors are knowingly disseminating false claims and
narratives that seek to undermine the American people's confidence in the security and legitimacy of the
election process
The FBI and CISA have no information suggesting malicious cyber activity against U.S. election
infrastructure has compromised the integrity of voter registration information, prevented an eligible
voter from casting a ballot, impacted the integrity of any ballots cast, or disrupted the ability to
count votes or transmit unofficial election results in a timely manner. However, foreign adversaries may
use false or misleading narratives that indicate otherwise to further their objectives of undermining
American public confidence in democratic processes and institutions.
While foreign malign influence operations and disinformation targeting American elections are not new,
the proliferation of generative artificial intelligence (AI)-enabled tools is exacerbating
pre-existing tactics. Generative AI-enabled tools have lowered the barrier for foreign malicious actors
to conduct more sophisticated influence campaigns. We are seeing foreign actors use these tools to
develop and distribute more compelling synthetic media messaging campaigns and inauthentic news
articles, as well as synthetic pictures and deepfakes (video and audio) at greater speed and scale
across numerous US- and foreign-based platforms. These efforts to develop content are designed to
undermine voter confidence and to entice unwitting consumers of the information to discuss, share, and
amplify the spread of false or misleading narratives.
Foreign threat actors use a variety of methods, often in tandem, to knowingly spread and amplify false or
misleading claims about voting processes and results, including false claims that the processes or
results have been compromised by malicious cyber activity to cast doubt on the legitimacy or outcome of
the vote. These actors use commercial firms, paid influence, witting and unwitting Americans, publicly
available and dark web media channels, online journals, messaging applications, spoofed websites,
emails, text messages, and fake online personas on U.S. and foreign platforms to spread and amplify
these false claims.
In previous public service announcements, the FBI and CISA raised awareness about tactics that could be
used in foreign malign influence operations to undermine public confidence in elections. Those
announcements highlighted foreign threat actors' use of publicly available voter registration
information as "evidence" to falsely claim that a cyber operation compromised voting systems or altered
election results. Similarly, foreign threat actors may falsely claim that ransomware or distributed
denial of service incidents impacting election offices could impact the security or accuracy of vote
casting or counting processes.
Russian Influence Efforts
As part of efforts to combat foreign actors who are seeking to interfere in and influence U.S.
elections, the Department of Justice (DOJ), in collaboration with federal partners,
has taken a series of actions to degrade Russian threat actors' capabilities to conduct these
malign influence campaigns.
In July 2024, the DOJ, in coordination with U.S. and international partners, exposed a covert
Russian government-operated, AI-enhanced social media bot farm using specialized software to
create fictitious social media personas at scale. In September 2024, the DOJ took steps to
disrupt Russian government-directed foreign malign influence campaigns by seizing more than 32
internet domains controlled by Russian government malign influence actors. The DOJ also indicted
employees of a Russian state-controlled media outlet who covertly funded and directed a
U.S.-based company that deployed nearly $10 million to disseminate pro-Russian narratives to a
U.S. audience.
Over the course of these actions, the DOJ seized website domains that Russian malign influence
actors created and deliberately designed to look like legitimate mainstream news websites (see
below for examples). Many of the seized domains employed "cybersquatting," — a method of
registering a domain intended to mimic another person's or company’s domain. The images below
are screen captures of articles produced by these Russian government actors. These examples
include websites such as "washingtonpost.pm", and "fox-news.in," which are not the real websites
of the Washington Post and Fox
News
Russian government or proxy-created fake media websites falsely presenting as
prominent U.S. news outlets with
propaganda messaging and articles to further the threat actors’ intended messaging and
goals.
Russian malign influence actors also created fake social media profiles posing as U.S. citizens
to direct users to these fake news websites and purchased social media advertisements to drive
traffic to the specific fake articles on the fake news site. The Appendix at the end of this
document provides a compilation of websites that the FBI, Department of State, or Department of
Treasury have previously publicly attributed to Russian malign influence actors, as well as
websites and social media accounts that the Intelligence Community has attributed to Russian
malign influence actors.
Iranian Influence Efforts
In addition to Russia, Iran is also undertaking
influence operations as it has in past election cycles, including through its cyber
apparatus, targeting current and former U.S. government officials, members of the media,
nongovernmental organizations, and individuals associated with U.S. political campaigns. Iran
is probably using generative AI and inauthentic personas to hide its hand and attempt to
sow discord during the 2024 U.S. election cycle. On September 27, 2024, the DOJ charged three
Iranian nationals identified as employees of the Islamic Revolutionary Guard Corps
(IRGC), for a wide-ranging hacking conspiracy targeting current and former U.S.
officials. The three IRGC employees are alleged to have conspired to hack into accounts of
current and former U.S. officials, members of the media, nongovernmental organizations, and
individuals associated with U.S. political campaigns. That indictment further alleged that in
June 2024, the IRGC conspirators engaged in a "hack-and-leak" operation, in which they sought to
weaponize campaign material stolen from a U.S. Presidential campaign. Additionally, the FBI,
U.S. Cyber Command, the Department of Treasury, and the United Kingdom's National Cyber Security
Centre have previously disseminated a Joint Cybersecurity Advisory that includes a list of
malicious domains used by cyber actors working on behalf of the IRGC, which is linked below. We
have also seen Iranian actors use similar tactics as Russian malign influence actors where they
create inauthentic news sites posing as a legitimate media organization (see example below).
Iranian government or proxy-created website presenting as a fake local news
organization, which uses
propaganda messaging and articles to further Iran's intended messaging and goals.
Recommendations
We urge the American public to critically evaluate the sources of the information they consume
and to seek out reliable and verified information from trusted sources, such as state and local
election officials. Specifically, we recommend the American public take the following
precautions:
Educate yourself and others on the tactics of foreign malign influence operations, including
the use of generative AI and deep-fakes, and their goal to undermine American public
confidence in U.S. democratic institutions and processes. Greater public awareness may help
limit the spread of foreign malign influence campaigns.
Seek out information from trusted, official sources, such as state and local election
officials, and verify
reported claims through trusted, official sources before sharing such information.
To better understand what you are viewing, know the media and social media company policies
and citation rules to denote or disclose content created or doctored with generative AI
tools. When viewing content, consider who produced it and look for labels that may identify
the content as AI-generated.
Consider reporting information concerning suspicious or criminal activity, to include the
distribution of knowingly false information regarding the time, place, or manner of
elections designed to deprive individuals of their right to vote, to their local FBI field
office.
Role of the FBI and CISA in Elections
The FBI and CISA coordinate closely with federal,state, and local election partners and provide
services and information to safeguard U.S. voting processes and maintain the resilience of U.S.
elections. The FBI, alongside DOJ prosecutors, is responsible for investigating and prosecuting
election crimes, foreign malign influence operations, and malicious cyber activity targeting
election infrastructure and other U.S. democratic institutions. The FBI does not investigate,
collect, or maintain information on U.S. persons solely for the purpose of monitoring activities
protected by the First Amendment. CISA, as the Sector Risk Management Agency for Election
Infrastructure, is the federal government lead for working with critical infrastructure owners
and operators, including the election infrastructure community, to ensure the security and
resilience of election infrastructure from physical and cyber threats.
Victim Reporting and Additional Information
We encourage the public to report information concerning suspicious or criminal activity, to
include the distribution of knowingly false information regarding the time, place, or manner of
elections designed to deprive individuals of their right to vote, to their local FBI field
office (www.fbi.gov/contact-us/field).
For additional assistance to include common terms and best practices, such as media literacy,
please visit the following websites:
Appendix A: Websites and Accounts Operated by Russian Malign Influence Actors
The following websites the U.S. Government either attributes to or assesses are
highly likely to be operated by Russian malign influence actors. Websites denoted with an
asterisk have previously publicly attributed to Russian malign influence actors by the FBI,
Department of State, or Department of Treasury.
50statesoflie.com*
uschina.online*
washingtonpost.ltd*
50statesoflie.media*
uschina.press*
usareally.com*
acrosstheline.press*
warfareinsider.us*
welt.ltd*
artichoc.io*
waronfakes.com*
welt.ws*
bild.work*
washingtonpost.pm*
welt.media*
electionwatch.io*
delfi.top*
spiegel.work*
electionwatch.live*
afrinz.ru*
nd-aktuell.net*
faz.ltd*
africanstream.media*
nd-aktuell.pro*
forward.pw*
americanfront.info*
nd-aktuell.co*
fox-news.in*
vip-news.org*
obozrevatel.ltd*
grenzezank.com*
begemot.media*
milliyet.com.co*
holylandherald.com*
syncreticstudies.com*
albayan.me*
honeymoney.info*
eramedia.com*
gulfnews.ltd*
honeymoney.press*
fortruss.blogspot.com*
faz.agency*
infobrics.org*
geopolitica.ru*
sueddeutsche.ltd*
lemonde.ltd*
globalresearch.ca*
sueddeutsche.cc*
leparisien.ltd*
inforos.ru*
tagesspiegel.ltd*
levinaigre.net*
anticrisis.cc*
fraiesvolk.com*
lexomnium.com*
webkamerton.ru*
fraiepozition.store*
liesofwallstreet.com*
katehon.com*
fraiepozition.site*
liesofwallstreet.io*
journal-neo.org*
bild.bz*
meisterurian.io*
novaresistencia.org*
lefigaro.me*
mypride.press*
odnarodyna.org*
70-putin-freunde.de*
oneworld.press*
onmedia.io*
freikorps.press*
pravda-ua.com*
openrevolt.info*
jfriecorp.press*
rbk.media*
orientalreview.org*
sieben-fragen-putin.de*
rrn.media*
thered.stream*
tonline.life*
rrn.world*
ritmeurasia.org*
tonline.today*
shadowwatch.us*
rt.com*
t-onlinr.life*
spicyconspiracy.info*
ruptly.tv*
t-onlinr.live*
spicyconspiracy.io*
riafan.ru*
t-onlinr.today*
spiegel.agency*
fznc.world*
delfi.today*
sueddeutsche.co*
strategic-culture.org*
spiegel.fun*
tagesspiegel.co*
unitedworldint.com*
spiegel.today*
tribunalukraine.info*
tsargrad.tv*
winter-is-comming.de*
truthgate.us*
bild.llc*
reuters.cfd*
Ukrlm.info*
bild.ws*
reuters.cyou*
bild.vip*
repubblica.icu*
repubblica.world*
socialharmony.de*
manabalss.li*
musubalss.org*
spiegel.ink*
sueddeutsche.online*
dailymail.cam*
dailymail.cfd*
delfi.life*
repubblica.life*
spiegeli.life*
spiegeli.live*
spiegeli.today*
reuters.sbs*
blld.live*
itcb.life*
dekommnt.live*
ukcommunity.vip*
spiegelr.live*,
spiegelr.today*
spiegelr.life*
50StatesOfLie <X account>
t-onlinl.life*
foxnews.cx*
AcrossTheLine11 <X account>
t-onlinl.live*
inforos.ru*
alhiwar.cc
alhiwar.me
t-onlinl.today*
infosco.org*
bostontimes.org
sueddeutsche.life*
southfront.org
besuchszweck.org
sueddeutsche.today*
allons-y.social
brennende_frage <X account>
sueddeutsche.site*
brennendefrage.com
brennendefrage.cc
atlanta-observer.com
alternativereport.us
carsondispatch.com
atlantabeacon.org
candidat.news
centernewscentral.com
antifashist.com
candidat_news <X account>
centerpointbeacon.com
american-freedom.org
capitolpulse.org
civiccentury.org
civiccommentary.org
conservativecompass.org
conservativecontext.com
civiccorner.org
conservativecorridor.com
democracydive.com
civiccreed.com
conservativecourier.org
daybreakdigest.org
civiccurrent.com
cropmarketchronicles.cc
derrattenfanger.io
civiccurve.com
cropmarketchronicles.us
derrattenfanger.net
conservativecamp.org
dc-free-press.org
DragonflyTimes <X account>
conservativecatch.org
deintelligenz.com
epochpost.org
conservativechannel.org
deintelligenz.io
flagstaffpost.com
conservativecircuit.com
democracydepth.com
flyoverbeacon.com
derglaube.online
democracydrive.org
franceeteu.today
derleitstern.cc
derbayerischelowe.info
franceeteu <X account>
derleitstern.com
derglaube.com
freedomfacade.com
arbeitspause.org
freedomfixture.com
freedomforge.info
freedomfoundry.info
freemediaforum.info
gopguardian.com
governancegaze.com
grunehummel.com
GruneHummel <facebook Name>
hauynescherben.net
hauynescherben.press
hauynescherben <X account>
heartlandharbor.org
heartlandhaven.org
heartlandheadlines.net
heartland-inquirer.org
honestcitizens.org
houstonpost.org
il_corrispondente.com_ <instagram Name>
il-corrispondente.com
rybar <telegram Name>
corrispondente.io
interventionist.cc
interventionist.com
interventionist.us
Intrvntnst <X account>
kaputteampel.cc
kaputteampel.com
KaputteAmpel <X account>
kbsf-tv.com
lansingtribune.org
la-sante.info
laterrasse.io
laterrasse.online
leaderledger.net
lebelligerant.com
lebelligerant.io
lebelligerant <X account>
le-continent.com
lesfrontieres.media
lesfrontieres <X
southfront.press
lavirgule.news
lesifflet.cc
lesifflet.net
LexOmnium <X account>
libertylagoon.org
libertylantern.org
libertylaunch.org
libertylectern.org
libertypressnews.com
libertyvoice.info
lonestarcrier.com
madison-gazette.org
maplechronicles <telegram Name>
meriblood <telegram Name>
miastagebuch.com
nationalcrier.com
nationalmatters.org
nationalnarrative.org
nationnotebook.com
newscenterpress.org
news-front.su
strategic-culture.su
orientalreview.su
journal-neo.su
noticiasbravas.com
notrepays.today
observateurcontinental.Fr
omnam.life
oraclenews.org
partyperspective.com
patrioticpage.com
patrioticparade.com
patrioticpioneer.com
patrioticpulse.info
phoenixpatriot.org
policypaddock.com
policypassage.com
policypatch.com
policypath.org
policypeak.org
policyplatform.info
policyporch.org
politicalpioneer.com
politicalplot.org
politicalporch.com
politicostream.com
politnavigator.news
politnavigator <telegram Name>
politnavigator <X account>
politnavigator <youTube Name>
polskikompas.com
pulsepress.org
purplestatepost.com
raleigh-herald.com
Rattenfangernet <X account>
red-blue-tribune.com
redstategazette.com
redstatereport.net
republicrally.com
republicrange.com
republicregard.com
republicreview.net
republicripple.com
republicroot.com
republicroots.org
republicrundown.com
rightrealm.net
rightresonance.org
rightrevival.org
rightrundown.com
senatesight.com
signaldaily.org
silverstatesignal.org
southfronteng <telegram account>
southfroneng <X account>
SouthFrontEnThree <facebook>
statestage.org
thearizonaobserver.com
tribunetimes.org
unitytrend.com
ULM_Info <X account>
TruthGateOff <X account>
voice-of,europe.eu
ukraine-inc.info
vanguardviews.com
votervista.net
bild.asia
spiegel.pro
TEXASvsUSA <telegram Name>
topicdujour <telegram account>
dailymail.top
TEXASvsUSA <X account>
interventionist.io
SpConspiracy <X Name>
wanderfalke.net
facts.matter.me
faz.life
naebc.com
sueddeutsche.me
scopestory.com
rybar_force <X account>
rightreview.org
Appendix B: Websites Operated by Iranian Malign Influence Actors
The following websites the U.S. Government either attributes to or assesses are
highly likely to be operated by Iranian malign influence actors.
