Changing Ballots and Minds: Russian Influence Operations and The 2024 US Presidential Election

Published by:
SecAlliance
Published on:
November 7, 2024

The purpose of this report is to investigate the potential for Russian interference in the upcoming 2024 US Presidential election. This investigation is both timely and essential due to the Kremlin’s sophisticated tactics aimed not only at directly influencing the outcome of the election but, more broadly – creating social discord, eroding trust in democratic institutions, and nudging the political climate toward authoritarianism. These shifts will ultimately begin to destabilise US alliances, undermine Western values, and allow the Kremlin to advance Russia’s geopolitical interests. The report offers insights into this disinformation ecosystem and highlights potential for future operations.  

Russian Influence Operations – An Overview

Historically, Russia has used influence operations as part of its broader toolbox of statecraft in order to achieve its geostrategic objectives. These operations are part of Russia’s ‘active measures’, a Soviet-era term coined in the 1950s which encapsulated covert and deniable activities, including but not limited to:

  • Political influence and subversion operations.
  • The establishment of front organisations.
  • The backing of sympathetic political movements in foreign countries.
  • The orchestration and stoking of social unrest.
  • The spreading of misinformation and disinformation.

The use of influence operations to interfere with election outcomes in adversarial states is a long-standing operational model for the Kremlin. Rooted in Russia’s grey strategic operational culture, which is just short of war, influence operations seek to bring the battle of modern wars away from the battlefield and into the consciousness of ideas.

Put simply, influence operations are “activities designed to distract, disrupt, dissuade, or distort” a target country or audience’s perception of a situation [Source]. Manipulation happens at both the macro and micro levels, and operations are often covert, unattributable, or deniable. However, they can also be more overt, using Russian assets as mouthpieces for the objectives of the Kremlin.

Influence operations, and active measures more broadly, seek to leverage Russia’s strengths in order to exploit perceived Western weaknesses and hypocrisies, including the West’s commitment to open politics, free speech, and democracy. Ultimately, the Russian belief is that modern wars – whether they be hot or cold – are waged not only on the battlefield, but through the consciousness of ideas as well. It is also a belief that is predicated on an assumption that the world is a place hostile to Russian interests, where covert attempts are made to undermine Russia’s institutions and limit its international influence.  

Russian State or State-Aligned Participants in Influence Operations

Due to the universality of application, the Russian institutions and aligned individuals involved in the propagation of influence operations are manifold and, broadly speaking, encompass the following:

The Intelligence Community

The agencies are the main players in the deployment of influence operations, and the Kremlin is dependent upon them for their success in attaining and propagating the state’s strategic objectives.

  • Foreign Intelligence Service (SVR): Russia’s civilian foreign intelligence agency. Known publicly as APT29 (aka Cosy Bear, The Dukes)
  • Federal Security Service (FSB): Although the FSB is primarily a domestic agency, its influence operations have been observed beyond the Russian state.
    • Centre 18: Centre for Information Security (TsIB) Military Unit 64829 – known publicly as Calisto Group (aka Star Blizzard, SEABORGIUM, TA446, COLDRIVER, TAG:53 and Blue Charlie)
    • Centre 16: Centre of the collection of Radio-Electronic Intelligence on communication facilities – known publicly as Dragonfly (aka Energetic Bear, Berserk Bear, Iron Liberty, Allanite, Casstle, Crouching Yeti, Dymalloy and TG-4192) and Turla Group (aka Uroboros, Venomous Bear and Snake)
  • Main Directorate of the General Staff of the Armed Forces (GRU): Russia’s foreign military intelligence agency, and arguably larger than its civilian counterpart, the SVR.
    • GRU 85th – known publicly as APT28 (aka Fancy Bear and Strontium)
    • GRU GTsST – known publicly as Sandworm

Russian Approaches in the Three Domains

The approach of Russian influence operations is, broadly speaking, to exploit division, push lies and deny everything. Operations typically seek to wield influence in three domains: the cognitive, the physical, and the digital [Source].

Figure 01 – The three domains in context [Source]

SecAlliance has assessed, with a high likelihood, that Russia will use its established approach in the three domains – the cognitive, physical, and digital – to conduct sophisticated, comprehensive, and far-reaching influence operations against the 2024 US Presidential Election. These are most likely to be conducted within the context of two ongoing influence operations, notably Operation Overload / Matryoshka and Doppelgänger.

The cognitive domain, in this context, refers to the way in which a target audience thinks, how it identifies its values and ethics and, ultimately, its ideology. The approach is this: influence operations are conducted in the physical and digital domains, traditionally in pursuit of an immediate effect, but are ultimately undertaken with the overarching aim of having a long-standing, pervasive, and encompassing effect in the cognitive domain. The results being sought in the cognitive domain are linked to Russian objectives that may sit at the tactical, strategic, or operational levels, depending on the desired outcome and purpose of the operation.

In the physical domain, all three intelligence agencies – FSB, SVR, and the GRU – are engaged in operations, in addition to ‘independent’ individuals and organisations, which are aggressively targeted at a specific audience. These have their operational strategies and origins in the Soviet era, but the current level of scale, speed, penetration and effect have changed dramatically in the Putin era [Source]. The threat has gained a new urgency, because of the interconnectivity, from a framework perspective, of the digital and physical domains; this is particularly true in the context of critical national infrastructure that supports the internet and other digital communications.

The digital domain similarly sees operations from all three agencies, with actions ranging from espionage to destructive cyber operations. In Russia’s hybrid warfare doctrine, the digital domain is often referred to as a “chaos enabler”, or khaotizatsiya, which plays a key role in influencing the cognitive domain [Source]. Despite attempts to call out Russian operations and sanction the individuals involved, this has done little to deter operators. As highlighted by the International Centre for Defence and Security, this inability to deter has allowed the Russian state to “take full advantage of the attribution problem and outsource operations so that they are said to be unconnected” to the Kremlin [Source].

While operations conducted in the physical and digital domains will seek to evoke an immediate effect in their respective contexts, these operations are ultimately supporting Russia’s strategic objectives – broadly, western destabilisation – in the cognitive domain. These operations have been operationally in pursuit since at least the 2016 US Presidential Election. Within the American context specifically, the Kremlin’s objectives in the cognitive domain are almost certainly as follows:

  • Discrediting of American democracy;
  • Sowing discord and mistrust in both the concept and application of liberal western values;
  • Pushing the political temperature in the United States further toward authoritarianism.

The targeting of the 2024 US Presidential Election is assessed by SecAlliance to not only be a third phase in a long-standing cognitive-based influence operation against the US by Russia, but that it also represents a watershed moment in terms of how the balance between democracy and authoritarianism will be struck in the next presidency – with challenges, in this respect, that will emerge regardless of whether Kamala Harris or Donald Trump sits in the Oval Office.

US Presidential Election Targeting 2016-2024

The use of influence operations to interfere with election outcomes in adversarial states is a long-standing operational model for the Russian and previously Soviet state.

During the 2016 election, Russian influence operations were designed to manipulate the cognitive domain of the American electorate, primarily by using both physical and digital tactics to shape public perception and undermine trust in democratic processes.  

By the 2020 Presidential Election, Russian influence campaigns became more nuanced in their efforts to affect the cognitive domain, again leveraging physical and digital operations to destabilise trust in the US election system.  

In this context, influence operations have run from the simplicity of funding opposition parties – predominantly those on the far right in countries where democracy underpins political culture – all the way to active and comprehensive efforts to alter the outcome of the election, as seen in the 2016 US Presidential Election.

A core underpinning ethos of influence operations is the ability to use them in contexts where kinetic warfare is not feasible; as such, the utilisation of election-related operations in the Cold War – a context in which warring ideologies defined the strategic reach of both superpowers – was constant and pervasive by the Soviet Union as it attempted to further its communist reach. This approach has not changed under the leadership of Putin, who has similarly used elections targeting as a way to ensure that Kremlin-friendly leadership is at the helm, or at least exists prominently within, a democratic state’s power structures. As such, the use of influence operations to target elections, historically and in the present day, has been an effort to maximise political leverage and subvert civil society in democratic nations.

Assessment

Although this assessment is being conducted through the lens of the 2024 US Presidential Election, the strategic outcome desired by the Kremlin is not one specifically tied to the outcome of which candidate reigns supreme on 05 November 2024 – nor did the setting of those objectives begin in the lead-up to November. Rather, SecAlliance has assessed that the desired shift that the Kremlin seeks to push within the cognitive domain of the American population is one which is, fundamentally, rooted in the fallout of the Cold War period – in which the US’ superpower standing was entrenched, alongside democracy as the political ‘winner’.

Although operations in the physical and digital domains have been applied differently across the 2016, 2020, and likely 2024 elections, the primary strategic objectives targeting the cognitive domain have almost certainly not changed. Interference in 2016 planted the seeds of these objectives in the cognitive domain, by weaponising the structures of free speech in order to prey upon pre-existing ideological cleavages within American society – e.g., the perceived disenfranchisement and powerlessness of ‘poor whites’, the racial injustices underpinning American freedoms, and the perception that the practical application of rights and access to fundamental freedoms is not equal across the American electorate.  

Whilst the outcome of the election is yet to be seen, the damage has already been incurred and the erosion of trust in American governance is in its full throes – and it is a realistic possibility that this shift in the American cognitive domain is irreversible. In terms of what may happen next and how this will affect the cognitive domain, there are two likely outcomes depending on whether a Trump or Harris presidency occur:

  • In a Harris Administration, the deepening of societal divisions – between pro-democracy and pro-Trump/anti-government factions – will become more pronounced. This will leave even greater opportunity for Russian influence operation narratives to take hold, push the American people farther away from one another ideologically, and further demean trust in democracy by fostering ‘stolen election’ narratives. The constitutional legitimacy crisis will almost certainly feature as a key narrative in Russian operations targeting the cognitive domain.
  • In a Trump Administration, Trump’s fundamentally isolationalist approach from a foreign policy perspective would highly likely be weaponised by the Kremlin to create a narrative echo-chamber effect where more extreme and authoritarian viewpoints could be shifted into mainstream American political consciousness. This would achieve the Kremlin’s objectives in the cognitive domain, of moving American political culture away from democracy.

However, while the Kremlin’s primary objective is to shift thinking within the cognitive domain of the American electorate, it is the operations undertaken within the physical and digital domains which are critical in supporting that shift. In the run up to the election, offensive cyberattacks may become more aggressive and attempts to gain unauthorised access into voting machines or to disrupt information in the wake of the election result are a realistic possibility. This may lead to potential vote tabulation delays or vote reporting errors.

While the predominance of this report has sought to assess both the ‘why’ and the ‘how’ of Russian influence operations targeting the 2024 US Presidential Election, there are also important lessons learned which can be applied to the cyber threat landscape more generally. The two key takeaways are as follows:

  • The tactics used in these Russian disinformation operations demonstrate how cyber capabilities can be weaponised to disrupt democratic processes, sow distrust, and weaken institutions on a global scale.
  • The focus on elections demonstrates a broader strategy aimed at influencing public perception and undermining trust in broadly democratic institutions. Other critical sectors - such as media, financial systems, and healthcare - are also vulnerable to cyber-attacks with implications that could destabilise entire countries.

Implications of Russian Election Interference on the Cyber Threat Landscape

While the impact of Russian election interference on the cyber threat landscape may not be immediately apparent in the days and months following the election date itself, Russian election interference has significant implications for the broader cyber threat landscape. The tactics used in these operations demonstrate how cyber capabilities can be weaponised to disrupt democratic processes, sow distrust, and weaken institutions on a global scale.

The 2016 Presidential Election showcased the advanced cyber capabilities of state-sponsored actors, particularly Russia. Through highly targeted spear phishing campaigns, hackers breached political figures' communications, exposing sensitive data and compromising private networks. Concurrently, these actors exploited social media and news platforms to propagate misinformation, disrupting public trust and deepening political divides. These actions demonstrated not only the effectiveness of influencing the cognitive domain but also underscored the broader implications for the cyber threat landscape. The weaponisation of cyber tools by state-sponsored groups to undermine democratic processes during an election highlights a dangerous precedent. These same tactics, ranging from data breaches to disinformation campaigns, could be adapted to disrupt international events or de-stabilise social norms across any sector, signaling a growing global cyber threat.

By infiltrating digital systems and spreading manipulated information, Russian actors have played a key role in eroding trust in technology and democratic processes. The effects of these operations are evident within the United States, where Russian-backed disinformation has been amplified by political allies. For example, during the 2016 Presidential Election, supporters of Donald Trump echoed false narratives - such as claims of widespread voter fraud - that were traced back to Russian propaganda. These disinformation tactics have persisted, fueling divisive rhetoric around issues like election integrity and amplifying calls of “fake news” for any reports that don’t align with their preferred political narratives.

Not only does the electorate’s confidence in the United States’ political system and voting process diminish, but due to the increasingly reliance on digital infrastructure to conduct voting faith in these technologies are likely to also be affected. Adversely, threat actors looking to compromise technologies associated with the voting process may also look to increasingly target technology corporation and their respective supply chains.

The focus on elections demonstrates a broader strategy aimed at influencing public perception and undermining trust in broadly democratic institutions. Other critical sectors - such as media, financial systems, and healthcare - are also vulnerable to cyber-attacks with implications that could de-stabilise entire countries.

To request the full report, please submit your details below: