The US National Security Agency and Cyber Command conducted an operation against Iran within the last two weeks as part of a broader effort to protect the 2020 election from foreign interference, a US official told CNN Tuesday.
The recent operation, which was first reported by the Washington Post, targeted Iranian hackers working for the Islamic Revolutionary Guard Corps after they carried out an attack last month – posing as the far-right group Proud Boys to send threatening emails to American voters, the official said.
US Cyber Command, which is led by Gen. Paul Nakasone, who also oversees the NSA, did not immediately respond to CNN’s request for comment.
Details of the specific US operation targeting Iranian hackers remain unclear but the news comes as officials remain on high-alert for potential foreign interference on Election Day.
A US official also told CNN on Monday that US Cyber Command expanded its operations aimed at identifying malicious foreign cyber actors before Tuesday’s election, conducting missions to not only seek out Russian hackers, but those from all major adversaries, including Iran and China.
The same US official said that cyber operations against foreign actors, across the whole spectrum of offensive and defensive measures, began ahead of the election and will continue after the final ballot is cast.
This expansion of Cyber Command’s “hunt forward” operations ahead of Election Day, which built on an effort that began in 2018 to identify foreign hackers and tactics, was first reported by The New York Times.
And while a senior election security official from the Cybersecurity and Infrastructure Security Agency told reporters Tuesday that “it has been quiet” as far as foreign interference and malicious cyber activity are concerned, they also cautioned that “we’re not out of the woods yet” – making it clear relevant agencies remain on high alert.
“This is just the time where polls start closing, where numbers, early unofficial results start going off on election night reporting sites, where we would start seeing the ‘three Ds’ … disruptions due to demand, defacement or denial of service attacks,” the official said.
“There could be disruptions, but those election night reporting websites do not tie back to the official count or the certification process. They’re wholly separate,” they added.
Federal officials will remain in that posture over the next several weeks, the senior CISA official told reporters when asked to compare the level of foreign activity to what was observed in 2018.
“The attack surface particularly for disinformation and foreign interference extends well into the next month or two,” the senior CISA official said. “So there is no spiking the football here. We are acutely focused on the mission at hand.”
CNN’s Geneva Sands and Alex Marquardt contributed to this report.