US Cyber Command Disrupted Russian Election Influence Operations as Federal Defenses Eroded
US Cyber Command secretly targeted at least two Russian companies involved in covert online influence activity ahead of the 2024 US election, according to reporting that said the operation was part of a wider federal effort with the FBI, DHS, and other agencies to expose and disrupt foreign meddling aimed at voters in key swing states. The campaign reportedly pushed anti-Ukraine and anti-politician narratives, and officials said the US action slowed the Russian operation even though propaganda content continued through Election Day. The activity fits a longer pattern of Russian interference in US politics, following earlier US government findings that Moscow targeted election systems in 2016 and subsequent Justice Department charges against Russian individuals and companies tied to interference operations.
Officials and former officials warn that many of the structures built after the 2016 election to counter foreign influence have since been dismantled, reduced, or paused, including functions at ODNI, the FBI, the State Department, and CISA. The rollback comes despite continued threats from Russian, Chinese, and Iranian-linked actors using fake websites, AI-enabled propaganda, and cyber activity affecting election infrastructure, raising concerns that the United States has less visibility and fewer coordinated defenses in place for future elections.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
US Cyber Command secretly disrupts Russian influence operators before 2024 vote
Weeks before the 2024 US election, US Cyber Command reportedly conducted a secret operation against at least two Russian companies involved in covert online influence activity targeting voters in six swing states. One source said the action slowed the Russian operation, though content production continued through Election Day.
Trump administration dismantles parts of federal counter-influence apparatus
After taking office for a second term, the Trump administration reportedly disbanded, downsized, or paused multiple federal programs and interagency centers focused on foreign influence threats, including units at ODNI, the FBI, State Department, and CISA. Current and former officials warned the cuts reduced visibility into threats and weakened support for election officials ahead of the 2026 midterms.
Broader US agencies work to expose and disrupt 2024 election meddling
During the 2024 election period, agencies including the FBI and DHS participated in a broader effort to expose and disrupt foreign meddling by Russia and Iran. The campaign addressed propaganda, fake websites, AI-enabled influence content, and cyber incidents affecting election infrastructure.
US announces charges, sanctions, and domain seizures over Russian 2024 influence op
The Biden administration unveiled a major response to an alleged Russian government-backed campaign targeting the 2024 US election, including criminal charges against two Russian nationals, sanctions on 10 individuals and entities, and the seizure of 32 internet domains. US officials said the operation used fake personas, fake news sites, and covert funding to push pro-Republican narratives and target swing-state voters.
US builds interagency defenses against foreign election influence
In the years after 2016, the US government established and expanded programs across agencies including the FBI, DHS, ODNI, State Department, and CISA to expose and disrupt foreign influence operations. These structures formed the basis of later election-security efforts.
DOJ indicts Russians and Russian firms over election interference scheme
A federal grand jury indicted 13 Russian individuals and three Russian companies for a scheme to interfere in the US political system. The case publicly detailed alleged Russian social media and influence operations targeting American politics.
Obama administration concludes Russia meddled in the 2016 election
By December 2016, the Obama administration had concluded that Russia interfered in the US election, and intelligence agencies later assessed the effort was intended, at least in later stages, to benefit Donald Trump. Senior lawmakers from both parties called for investigation and deterrence measures.
US formally blames Russia for targeting election systems
The US government publicly accused the Russian government of directing compromises and disclosures tied to US political organizations and of targeting state election systems. This marked a major official attribution of foreign interference in the 2016 election.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections | CNN Politics
edition.cnn.com
Open sourceBiden administration announces major actions to tackle Russian efforts to influence 2024 election | CNN Politics
cnn.com
Open sourceWhat Matters: The suspected Russian hack of the US government, explained | CNN Politics
cnn.com
Open sourceDNC: The Russians had been booted from our system by the time DHS called - POLITICO
politico.com
Open sourceTrump Links C.I.A. Reports on Russia to Democrats’ Shame Over Election - The New York Times
nytimes.com
Open sourceUS blames Russia for targeting election systems | CNN Politics
edition.cnn.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
US Cyber Operations Disrupted Election Interference as Federal Defenses Were Cut
US Cyber Command and the NSA have repeatedly used covert cyber operations to blunt foreign election interference, including ejecting Iranian hackers from a municipal website used to post unofficial 2020 results before false information could be spread and disrupting Russian influence operators targeting voters ahead of the 2024 election. Officials said the 2020 intrusion did not affect voting, ballot tabulation, or certified results, and described the broader mission as a joint effort with CISA, the FBI, DHS, and other agencies to counter cyberattacks, troll farms, fake websites, and AI-enabled propaganda tied to Russia, Iran, China, North Korea, and non-state actors. At the same time, the US government has reduced parts of the election security apparatus built after 2016. Reporting says the Trump administration put CISA election security staff who worked with states on leave and dismantled or downsized programs across ODNI, the FBI, the State Department, and CISA that tracked and exposed foreign influence campaigns. Current and former officials warned that the cuts weaken coordination with state and local election officials, reduce visibility into ongoing threats, and leave the country less prepared for future elections even as harassment of election workers and concern over the safety of cyber personnel have pushed agencies to keep some leadership roles out of public view.
May 25, 2026
Operation Overload Impersonates Media to Influence the US Election
A Russia-aligned influence operation known as **Operation Overload**—also tracked as **Matryoshka** and **Storm-1679**—has used fake news sites, bogus fact-checking resources, AI-generated audio, and impersonation of trusted media brands to shape narratives around the US presidential election. Researchers said the campaign has heavily targeted journalists, fact-checkers, and researchers with deceptive verification requests designed to draw false claims into mainstream reporting, while coordinated inauthentic social media activity amplified the same narratives directly to the public. The operation has sought to undermine trust in the election process, inflame fears of political violence, and exploit polarizing issues to deepen social divisions. Reported themes included fabricated scandal narratives aimed at **Vice President Kamala Harris**, attacks portraying Ukrainians and the **LGBTQIA+** community negatively, and messaging intended to weaken support for Ukraine; the campaign had also previously attempted similar interference around the French elections and the Paris Olympics and was expected to intensify as the US vote approached.
Oct 23, 2024
Researchers Warn of Midterm Threats Targeting Campaigns, Fundraising Platforms, and Local Governments
Check Point warned that threat actors are already preparing to disrupt the 2026 U.S. midterm environment by targeting election-adjacent infrastructure rather than voting machines. The firm reported a surge in newly registered election-themed domains and exposed credentials tied to major political and government platforms including `ActBlue`, `WinRed`, `gop.com`, `democrats.org`, and `usa.gov`, creating opportunities for phishing, impersonation, fake donation pages, credential theft, and broader trust-eroding disruptions. Researchers identified Russia, Iran, and China as the principal state actors to watch, alongside risks from misinformation and foreign influence operations. The report said AI is likely to amplify these threats by helping adversaries scale convincing phishing lures, cloned audio, manipulated images, and deepfake videos during politically sensitive periods. It also highlighted local governments as a weak point because of aging technology, limited budgets, and small security teams, pointing to ransomware incidents in Winona County, Minnesota, and Foster City, California. The warning comes as officials debate the future of the federal election security posture, including a budget proposal that would eliminate CISA’s election security program and concerns about reduced preparedness ahead of the midterms.
Jun 2, 2026