2024 Midterms Under Siege: The Cyber Threats No One Is Talking About
June 10, 2024
The 2024 U.S. Midterm elections are less than six months away, but the real battleground may not be polling places—it’s the digital landscape. A new report from cybersecurity firm Check Point reveals a surge in suspicious domain registrations, AI-powered disinformation campaigns and foreign-backed cyber operations targeting political campaigns, fundraising platforms, and media outlets. Experts warn that while some threats are routine, others—like deepfake videos and hyper-realistic AI-generated content—are reaching unprecedented levels of sophistication.
Why This Election Cycle Is Different
Traditionally, election cybersecurity focuses on protecting voting systems and preventing foreign interference. But this year, the threats have expanded to include:
- AI-driven misinformation: Bad actors are using AI to generate fake news articles, deepfake videos, and personalized phishing emails at scale.
- Phishing attacks on campaigns: Over 9,600 leaked credentials from Democratic fundraising platform ActBlue and 6,500 from WinRed (Republican counterpart) have already been exposed, risking donor fraud and unauthorized access.
- Foreign adversary tactics: Russia, China, and Iran are employing distinct strategies—from narrative amplification to reconnaissance—to exploit U.S. Political divisions.
- Suspicious domain registrations: Over 5,000 new domains containing “election” or “vote” have been registered since January, raising red flags for potential phishing or impersonation schemes.
Unlike past elections, where threats were often predictable, this cycle is marked by speed and adaptability. “We’re seeing AI tools that can generate content indistinguishable from human-created material,” says Aaron Rose, Check Point’s cybersecurity expert. “This isn’t just about scam emails anymore—it’s about deepfakes, AI-generated social media posts, and hyper-targeted disinformation that can sway local races just as easily as national ones.”
The Threat Breakdown: What You Need to Know
1. AI: The Wildcard in Election Disinformation
AI tools like ChatGPT, MidJourney, and Synthesia have lowered the barrier for creating convincing fake content. Researchers at RAND Corporation found that AI-generated deepfake videos of political figures can spread 10 times faster than traditional misinformation. For the 2024 midterms, experts predict:
- AI-cloned voices impersonating candidates in robocalls.
- Fake local news websites using AI to mimic reputable outlets.
- Personalized disinformation tailored to swing-state voters.
“The biggest challenge isn’t detecting AI content—it’s detecting what’s missing,” says CISA Director Jen Easterly. “If a video of a candidate making a controversial statement goes viral, and it’s AI-generated, how do we know before millions see it?”
2. Foreign Interference: Russia, China, and Iran’s Playbook
While foreign election interference is not new, the 2024 threat landscape is more fragmented—and more aggressive. Here’s how each adversary is approaching the midterms:
| Adversary | Primary Tactic | Goal | Example from Past Elections |
|---|---|---|---|
| Russia | Influence operations, narrative amplification | Deepening U.S. Political divisions; undermining trust in elections | 2016: Fake “Grassroots Sports Foundation” pages on Facebook; 2020: Disinformation about mail-in voting (DOJ case) |
| China | Reconnaissance, influence testing, exploiting divisions | Assessing U.S. Vulnerabilities; amplifying domestic unrest | 2020: Hacking state election systems (CISA alert); 2022: Targeting Asian American communities to stoke racial tensions |
| Iran | Hacking, cyberattacks on political operations | Disrupting campaigns; stealing sensitive data | 2022: Hacking Democratic National Committee emails (CISA warning); 2024: Likely targeting fundraising platforms |
Unlike the 2020 election, where foreign interference was concentrated on national races, this year’s threats are localized. “They’re not just going after the presidency—they’re targeting school board races, state legislatures, and even local prosecutors,” warns Dr. David Grossman, cybersecurity expert at Stanford University. “Their goal isn’t to flip the election—it’s to make voters question whether their voice matters at all.”
3. Phishing and Credential Theft: The Overlooked Weak Link
While headlines focus on foreign hackers, the most immediate threat to campaigns remains phishing attacks. Check Point’s report found that 82% of malicious file attacks in 2023 came via email—often disguised as urgent requests from “candidates,” “party leaders,” or “volunteers.”
Key risks:
- Donor fraud: Hackers use stolen credentials to redirect campaign funds or launder money.
- Ransomware: Some groups encrypt campaign databases and demand payments to restore access.
- Supply chain attacks: Compromising third-party vendors (e.g., canvassing apps, polling firms) to infiltrate campaigns.
Oregon Secretary of State Tobias Read emphasizes that no campaign is too compact to be targeted. “We run phishing drills every quarter, even for my own staff,” he says. “If you get an email saying, ‘Your password has expired—click here,’ it’s almost always a scam.”
4. The Domain Registration Surge: A Red Flag
Since January 2024, over 5,000 new domains containing keywords like “election,” “vote,” or “[State]Ballot2024” have been registered—many by entities with no verifiable connection to legitimate campaigns. While not all are malicious, experts warn that these domains are prime real estate for:
- Phishing sites mimicking official election portals.
- Fake fundraising pages siphoning donations.
- Misinformation hubs spreading false claims about polling places or voter ID laws.
Kathy Boockvar, former Pennsylvania Secretary of State, calls the trend “a digital land grab.” “The goal isn’t just to hack—it’s to create confusion. If voters can’t tell which websites are real, they’ll stay home.”
The U.S. Government has long-standing protocols for election cybersecurity, but this year’s threats have exposed gaps: Boockvar criticizes the shift under the current administration: “We’ve gone from a model of federal-state collaboration to one where states are left to fend for themselves. That’s a recipe for disaster.” While the threats are daunting, experts offer actionable steps to mitigate risks: Yes. Tools like Synthesia can generate hyper-realistic videos of political figures in minutes. A 2023 NIST study found that even experts struggle to detect AI voices 30% of the time. Check the sender’s email address (official campaigns use @[candidate].org or @[party].com), look for typos or urgent language (“Your vote is missing!”), and never click links in unsolicited messages. Forward suspicious emails to report@phishing.gov. Absolutely. While federal races get attention, RAND found that local elections (school boards, prosecutors, state legislatures) are prime targets because they’re underfunded and less secure. A hack in a single county can suppress turnout in key swing districts. Isolate affected systems immediately, report the breach to CISA, and contact your state’s election security office. Avoid paying ransomware demands—the FBI recommends working with cybersecurity firms instead. The 2024 midterms will test whether U.S. Democracy can adapt to an era of AI-driven misinformation and hyper-targeted cyberattacks. While the risks are real, the tools to combat them are within reach—for those who act now. “This isn’t a binary choice between security and trust,” says Boockvar. “We can educate voters about risks without sowing panic. The key is transparency: Tell people what to watch for, and give them the power to verify.” As the election season heats up, one thing is clear: The fight for America’s future isn’t just about policies or candidates—it’s about information itself. And for the first time, the enemy isn’t just human. Bookmark these resources to protect your vote and your campaign: Report suspicious activity: report@phishing.gov | Facebook Misinformation ReportingWhat’s Being Done—and What’s Missing
How Voters and Campaigns Can Stay Safe
For Voters:
For Campaigns and Parties:
Key Takeaways
FAQ: Your Election Cybersecurity Questions Answered
Can AI really create convincing deepfakes?
How can I tell if a political email is real?
Are state elections really at risk from foreign hackers?
What should I do if my campaign gets hacked?
The Road Ahead: Can Democracy Outpace the Threats?
Stay Informed, Stay Secure