US Cyber Operations Disrupted Election Interference as Federal Defenses Were Cut
US Cyber Command and the NSA have repeatedly used covert cyber operations to blunt foreign election interference, including ejecting Iranian hackers from a municipal website used to post unofficial 2020 results before false information could be spread and disrupting Russian influence operators targeting voters ahead of the 2024 election. Officials said the 2020 intrusion did not affect voting, ballot tabulation, or certified results, and described the broader mission as a joint effort with CISA, the FBI, DHS, and other agencies to counter cyberattacks, troll farms, fake websites, and AI-enabled propaganda tied to Russia, Iran, China, North Korea, and non-state actors.
At the same time, the US government has reduced parts of the election security apparatus built after 2016. Reporting says the Trump administration put CISA election security staff who worked with states on leave and dismantled or downsized programs across ODNI, the FBI, the State Department, and CISA that tracked and exposed foreign influence campaigns. Current and former officials warned that the cuts weaken coordination with state and local election officials, reduce visibility into ongoing threats, and leave the country less prepared for future elections even as harassment of election workers and concern over the safety of cyber personnel have pushed agencies to keep some leadership roles out of public view.

How this story unfolded
14 events from the most recent confirmed update back to the earliest known activity.
Reports warn election protections were gutted after 2024 cycle
By January 2026, CNN reported that many federal programs built since 2016 to counter foreign election interference had been dismantled, downsized, or deprioritized, including functions at ODNI, the FBI, the State Department, and CISA. Current and former officials warned the cuts reduced visibility into Russian, Chinese, and Iranian threats ahead of the 2026 midterms.
Cyber Command disrupts Russian influence operators before 2024 election
Before the 2024 U.S. election, U.S. Cyber Command carried out a secret operation against at least two Russian companies allegedly running covert influence campaigns in six swing states using anti-Ukraine propaganda. A source said the action slowed Russian activity, though the operators continued producing content through Election Day.
Report says Trump administration dismantles foreign influence defenses
A New York Times report described the Trump administration as dismantling parts of the U.S. government's effort to counter foreign influence operations. The article pointed to reductions affecting multiple agencies involved in election interference monitoring and response.
CISA election security staff working with states are put on leave
The U.S. cyber agency placed election security staffers who had worked with state officials on leave. The move marked a concrete rollback of federal election security support structures.
NSA and Cyber Command revive election security group for 2024 cycle
By March 2024, the joint NSA-Cyber Command Election Security Group was active again ahead of the 2024 U.S. election. Officials kept current leaders unnamed due to safety concerns and highlighted threats from Russia, China, North Korea, Iran, and AI-enabled influence operations.
Hartman publicly discloses 2020 Iranian election-site intrusion
At the RSA Conference, Maj. Gen. William Hartman revealed that Iranian hackers had accessed a U.S. municipal website reporting unofficial 2020 election results and that Cyber Command had removed them. He said the case showed how offensive and defensive cyber teams coordinated to protect election-related systems.
US indicts Iranian hackers over 2020 Proud Boys voter intimidation emails
The U.S. Justice Department indicted two Iranian nationals for their alleged roles in a 2020 cyber-enabled influence operation that sent spoofed Proud Boys emails to intimidate Democratic voters and undermine confidence in the U.S. election. The case marked a formal law-enforcement response to Iran's election interference activity.
Cyber Command operation evicts Chinese hackers from Microsoft attack servers
In 2021, U.S. Cyber Command conducted an operation to remove Chinese hackers from servers being used in attacks exploiting Microsoft email software. Maj. Gen. William Hartman later cited it as one of many overseas cyber operations against foreign adversaries.
CISA shares hacked federal server images with Cyber Command
After the 2020 election period, CISA provided forensic images from hacked federal servers to U.S. Cyber Command. The material supported overseas operations and intelligence collection on Russian espionage tactics.
Krebs says SolarWinds hack should not be conflated with voting security
Following disclosure of the SolarWinds compromise, former CISA director Chris Krebs publicly warned against conflating that espionage campaign with election system security. His comments reinforced that 2020 voting infrastructure had not been shown to be altered by the hack.
US Cyber Command removes Iranian hackers before disinformation could spread
U.S. Cyber Command discovered the Iranian intrusion into the municipal election-results site and kicked the actors off before they could use it to spread false information. The incident was later cited as an example of coordination between Cyber Command and CISA to protect election infrastructure.
Mueller report says Russian troll farm organized dozens of US rallies
Public reporting on the Mueller investigation said Russia's Internet Research Agency organized dozens of rallies in the United States as part of its influence campaign. The disclosure added detail on how Russian online interference extended into real-world political events.
Election Security Group formed to counter Russian interference
U.S. Cyber Command and the NSA created the Russia Small Group in 2018 to counter Russian election interference. The task force later evolved into the broader Election Security Group focused on multiple foreign threats.
Iranian hackers access municipal election-results website
During the 2020 U.S. election, Iranian hackers accessed a municipal website used to report unofficial election results. Officials said the intrusion did not affect voting, vote tabulation, voter data, or certified ballot counts.
Sources
11 references tracked.
Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections | CNN Politics
cnn.com
How Computer Warfare Is Becoming Part of the Pentagon’s Arsenal - The New York Times
nytimes.com
The Rise and Fall of America’s Response to Foreign Election Meddling | Lawfare
lawfaremedia.org
Trump Dismantles Government Fight Against Foreign Influence Operations - The New York Times
nytimes.com
US military kicked Iranian hackers off municipal website reporting unofficial election results in 2020 | CNN Politics
cnn.com
US indicts Iranian hackers for Proud Boys voter intimidation emails
bleepingcomputer.com
Krebs Warns Not to 'Conflate' Voting Security, SolarWinds Hack - Business Insider
businessinsider.com
Mueller identified ‘dozens’ of US rallies organized by Russian troll farm
thehill.com


