Cybercriminals Disrupting Elections: Experts Explain A Disturbing Threat to Democracy

Why Trust Techopedia

In a world that’s more connected than ever, the integrity of the democratic process is under unprecedented threat from state-sponsored malicious actors and other cybercriminals.

Using sophisticated technology and exploiting digital vulnerabilities, these adversaries have the power to influence elections on a global scale.

The tactics of these cybercriminals, from hacking voter databases to launching disinformation campaigns, are diverse and continue to evolve. As nations grapple with this danger, the integrity of free and fair elections is under threat.

State-sponsored threat actors are typically the most well-funded and well-resourced cyber threat groups, says Luke McNamara, deputy chief analyst of Mandiant Intelligence, now part of Google Cloud. This often makes them quite effective in their missions.

He told Techopedia:

“While we can’t predict what threats we’ll face in each election cycle, especially with the geopolitical conflicts occurring abroad, we anticipate threat actors are likely to attempt some of the same tactics they’ve historically tried.”

These can range from hack-and-leak operations that mix cyber intrusion with information operations to magnifying smaller disruptive attacks, such as distributed denial-of-service attacks, to make themselves appear more successful than they really are, McNamara adds.


Key Takeaways

  • The integrity of the democratic process is under threat from state-sponsored malicious actors and other cybercriminals.
  • GenAI is being used to create disinformation, misinformation, and even deepfake technology to disrupt elections around the world.
  • Since the beginning of 2023, there has been a spike in data breaches and leaks in the underground forums affecting voters from various countries.
  • It’s important to remember that impacts to elections are not a foregone conclusion.

Disinformation Campaigns

Disinformation campaigns have been used since the dawn of civilization by governments against their own citizens as well as against the populations of adversaries, says

Peter Warmka, a former spy with the U.S. Central Intelligence Agency and founder of the Counterintelligence Institute.

“They serve to spread confusion and division within a population to weaken them.


“While Russia continues to be the most active foreign state actor involved in disinformation campaigns, there are numerous countries that have formulated such programs as part of their offensive national security strategy.”

According to Warmka, the use of disinformation has progressed constantly over the past several decades. It is deployed not only leading up to specific election cycles but also at any time against targets of opportunity.

“I anticipate that the quality and quantity of disinformation campaigns will continue to build in the weeks leading up to many of the democratic elections taking place this year throughout the world.


“A large portion of this upward trend is a direct result of various AI tools that are in various stages of roll-out to the public.”

Tools such as ChatGPT allow threat actors to create a more robust and manipulative language for incorporation into their messaging, he says.

The ability to generate and/or manipulate images, videos, and audio can have a huge impact on the emotions of the intended target audience that adheres to the notion that “seeing is believing.”

Terrence Williams, an instructor at SANS Institute, a provider of cybersecurity training, certifications, and research, says foreign adversaries’ tactics are becoming more sophisticated. They focus on exploiting the latest vulnerabilities, infiltrating supply chains, and compromising managed service providers.

“The proliferation of alternative social media platforms and encrypted messaging apps has created new channels for threat actors to spread misinformation and organize malign influence campaigns.


“In addition, insider threats from radicalized individuals within the election ecosystem have grown more acute, highlighting the need for robust background checks and access controls.”

Targeting Global Elections

Since the beginning of 2023, researchers at Cyble, a provider of AI-based cyber threat intelligence services, have recorded a spike in data breaches and leaks in underground forums affecting voters from various countries, including India, Indonesia, the Philippines, and the United States, says Kaustubh Medhe, vice president of research and cyber threat intelligence at Cyble.

“The major threat activities included the sale of 790 million electoral records allegedly stolen from the Election Commission of India during November 2022, 81 million voters’ registration records from the Philippines Commission on Elections, 700,000 electoral records supposedly stolen from the District of Columbia Board of Elections during October 2023, and data leaks affecting voters from Virginia and Minnesota.”

Medhe says it is highly likely that this leaked demographic data of voters will be used in mass-scale election influence/interference operations in countries such as Indonesia, India, the Philippines, Argentina, and the U.S.

Adam Meyers, senior vice president of counter-adversary operations at CrowdStrike, a cybersecurity company, says he’s seeing the use of generative AI to create disinformation, misinformation, and even deepfake technology coming into play in elections around the world.

“This year, there are something like 55 elections worldwide – 42% of the Earth’s population is going to be electing new leadership.

“This isn’t just a U.S. problem. We’ve already seen it in Taiwan, [where adversaries] used so-called cheap fakes. And we’ve seen disruptions in places like Pakistan. And here in the U.S., we even saw fake robocalls being used to make it seem as if President Biden was calling people and giving them disinformation.”

Disrupting U.S. Elections

Much of this disinformation will be focused on dissemination in the hours/days before the election in the U.S. However, since it will take one or more days to debunk the information as false, the damage will already have been done, Warmka explains.

“I also anticipate that regardless of which presidential candidate does win the [U.S.] national election, the disinformation campaigns, primarily orchestrated by Russia, will attempt to further promote confusion and division regarding whether or not these were fair and legitimate elections,” Warmka says.

“The ultimate goal is to create distrust in the U.S. democratic process.”

Steve Tcherchian, CISO of cybersecurity company, agrees that nation-state malicious actors and other cybercriminals will be significant threats to the electoral process and public opinion in the U.S. this year.

“We are already seeing disinformation campaigns on social media and fake news websites to polarize opinions and create distrust,” he says.

“And as we saw in previous years, we could also see email accounts hacked, with sensitive information leaked at opportune (or inopportune) times to discredit political figures and sway voters.”

Cyber operations, disinformation campaigns, and AI from nation-state actors within Russia, China, and Iran are bound to disrupt 2024 U.S. elections, says David Kellerman, field chief technology officer at security software company Cymulate.

“With the primary focus to destabilize the democratic process by eroding trust in the system, threat actors are directly attacking election infrastructure, weaponizing AI by creating highly advanced disinformation tools, like deepfakes and bots, and utilizing social media to spread misinformation,” he adds.

While there’s no avoiding this threat, U.S. election officials must remain vigilant and apply a multi-step approach to successfully combat these concerns, according to Kellerman.

“This includes strengthening external cyber defenses, improving the public’s awareness and understanding about disinformation, and ensuring cross-collaboration between government bodies, technology leaders, and civil organizations in the creation of frameworks and guidelines on how to properly utilize AI whilst safeguarding democracy.”

The Bottom Line: Some Good News for the World

However, despite the fact that cyber threat groups are well-funded and have plenty of resources, resources don’t always equate to success, says Mandiant’s McNamara.

“For example, if you look at some of the pro-PRC [People’s Republic of China] information operations that Mandiant has tracked, there’s clearly a lot of resources being spent for them to operate across multiple languages and multiple platforms, but they are not getting any major engagement that we’ve seen,” he says.

According to McNamara, it’s imperative to remember that impacts on elections are not a foregone conclusion, and many of the most sophisticated threat actors have struggled to influence or achieve significant effects on elections despite their best efforts.

“Cyber defenders have learned a lot over the last few election cycles and are far more prepared in their ability to defend against a lot of this activity,” he says.

Eric Noonan, chief executive officer at cybersecurity company Cybersheath, agrees, saying that the U.S. is better prepared to deal with election disruption.

“The risk of disruption to [U.S.] electoral process is real, but in many ways, we are better prepared and protected now than at any time in our history because of the work done by the Cybersecurity and Infrastructure Security Agency (CISA) across many threat vectors,” he says.

The work of the CISA includes both physical and cybersecurity measures, addressing disinformation campaigns and extending support and resources to state and local officials, according to Noonan.

“So while the threats are unrelenting, the federal government has embraced its duty to deliver secure elections in a meaningful and impactful way.”


Related Reading

Related Terms

Linda Rosencrance
Technology journalist
Linda Rosencrance
Technology journalist

Linda Rosencrance is a freelance writer and editor based in the Boston area, with expertise ranging from AI and machine learning to cybersecurity and DevOps. She has been covering IT topics since 1999 as an investigative reporter working for several newspapers in the Boston metro area. Before joining Techopedia in 2022, her articles have appeared in TechTarget,, TechBeacon, IoT World Today, Computerworld, CIO magazine, and many other publications. She also writes white papers, case studies, ebooks, and blog posts for many corporate clients, interviewing key players, including CIOs, CISOs, and other C-suite execs.