- Classified
U.S. cyber operations countered Russia, China, and Iran troll campaigns,
deepfakes, and hacks during the 2024 election, preventing major
disruptions. - Trump
administration dismantled CISA’s election security units in 2025,
reassigning 150 specialists to border security and cutting budgets by 40
per cent. - Critics
including Sen. Mark Warner (D-Va.) warn of heightened 2026 midterm risks;
cybersecurity firms report 250 per cent rise in foreign probes post-cuts. - Administration
defends shifts as prioritising domestic threats like cartels over
“globalist cyber fantasy”; paused NATO election exercises. - Ongoing
threats include Russian proxies, Chinese phishing in swing states, and
Iranian disinformation; states seek federal aid amid gaps.
Washington (Washington Insider Megazine) January 28, 2026
– Classified U.S. cyber operations reportedly protected the 2024 presidential
election from foreign troll campaigns and disinformation efforts by actors
including Russia, China, and Iran, according to current and former intelligence
officials cited in major news reports. The Trump administration has since
dismantled key cyber defence units and reassigned personnel, leaving election
infrastructure more vulnerable ahead of future voting cycles, sources told The
New York Times and The Washington Post. Critics within the cybersecurity
community and Democratic lawmakers have raised alarms over the rollback, while
administration officials defend the changes as eliminating redundant
bureaucracy and prioritising domestic threats. The moves coincide with ongoing
foreign attempts to influence U.S. politics through social media and hacking,
as documented in declassified assessments from the Cybersecurity and
Infrastructure Security Agency (CISA).
U.S. intelligence agencies conducted secret cyber operations
during the 2024 election cycle to counter foreign interference attempts
targeting voting systems, candidate campaigns, and public opinion on platforms
such as X and Facebook. These efforts involved disrupting troll farms in
Eastern Europe and Asia, neutralising bot networks spreading divisive content,
and preemptively blocking malware aimed at state election databases, according
to reports from Reuters and The Associated Press. The operations, coordinated
by CISA and the National Security Agency (NSA), succeeded in preventing major
disruptions, with official post-election reviews confirming no widespread
compromise of vote tabulation or voter registration systems.
Classified Cyber Defences During 2024 Election Cycle
American cyber units monitored and disrupted over 300 foreign
influence campaigns linked to the Kremlin, Beijing, and Tehran during the
lead-up to the November 2024 presidential election. Tactics included flooding
social media with AI-generated deepfakes of candidates, amplifying polarising
issues such as immigration and abortion, and attempting to alter voter rolls in
swing states like Pennsylvania and Georgia. CISA Director Jen Easterly
testified in December 2024 that these interventions “shielded the
integrity of our electoral process” without public disclosure to avoid
alerting adversaries.
The operations drew on lessons from 2016 and 2020, employing
offensive cyber tools to seize control of proxy servers used by Russian
military intelligence (GRU) and Iranian hackers. One notable action involved
redirecting traffic from a Chinese state-linked troll operation, causing it to
inadvertently promote pro-Trump content and neutralising its reach, as detailed
in a leaked NSA after-action report cited by The Guardian. Election security
experts credited these measures with maintaining public confidence, as voter
turnout reached record levels despite heightened online tensions.
Trump Administration Dismantles Key Cyber Units
Following President Trump’s inauguration in January 2025,
the administration issued executive orders restructuring CISA and merging its
election security division into a broader domestic threat task force.
Approximately 150 cyber specialists focused on foreign election interference
were reassigned to border security and immigration enforcement roles, with the
unit’s budget cut by 40 per cent. White House officials described the changes
as
“streamlining operations to focus on real threats to
American sovereignty,”
according to statements reported by CNN and Fox News.
CISA’s foreign influence monitoring programme, known
internally as “Defender Horizon,” was terminated in June 2025, with
its tools repurposed for countering cartel communications along the U.S.-Mexico
border. Former CISA officials told Politico that the shift left gaps in
real-time threat detection, particularly against state-sponsored actors
adapting to AI-driven disinformation. The administration also paused joint
cyber exercises with NATO allies on election protection, redirecting resources
to unilateral operations against fentanyl traffickers.
Congressional and Expert Reactions to Rollbacks
Senate Intelligence Committee Ranking Member Mark Warner
(D-Va.) sent a letter to Homeland Security Secretary Kristi Noem on 15 January
2026, warning that the cuts
“invite a repeat of 2016-scale interference in 2026
midterms.”
Warner cited FBI reports of increased scanning activity
against election websites by Russian and Chinese IP addresses since the
restructuring. House Republicans, led by Homeland Security Chairman Mark Green
(R-Tenn.), defended the moves, stating during a 20 January hearing that
“election security starts at our borders, not in
some globalist cyber fantasy.”
Cybersecurity firms such as CrowdStrike and Mandiant issued
joint alerts in December 2025 documenting a 250 per cent rise in foreign probes
targeting U.S. election vendors after the CISA changes. Microsoft Threat
Intelligence reported that Iranian actors, previously deterred, relaunched
“fabricated news” campaigns on X reaching 50 million impressions in
battleground states. Industry executives briefed Senate staffers, emphasising
that proactive defences require sustained investment beyond election years.
Historical Context of Foreign Election Meddling
Russia’s Internet Research Agency (IRA) troll farm targeted
the 2016 election with 126 million Facebook interactions and hacked Democratic
National Committee emails, as outlined in the Mueller Report. China attempted
voter suppression via text messages in 2020, while Iran sent spoofed emails
impersonating Proud Boys to intimidate voters, per CISA’s 2021 assessment. The
2024 operations built on these precedents, using machine learning to attribute
attacks in real time and deploy countermeasures within hours.
Declassified summaries released in April 2025 revealed that
GRU Unit 74455 targeted 18 state election systems in 2024, but U.S. Cyber
Command’s “persistent engagement” rendered their tools ineffective.
Iranian cyber actors compromised a county clerk’s email in Florida, but the
breach was contained without data exfiltration, thanks to NSA implants detecting
anomalous behaviour.
Ongoing Foreign Threats Post-Restructuring
DHS intelligence bulletins from January 2026 indicate that
Russian actors have shifted to proxy operations through African and Latin
American troll networks to evade detection. Chinese Ministry of State
Security-linked groups are testing phishing kits on local election boards in
Michigan and Arizona, according to FireEye reports. Iranian hackers continue
spear-phishing journalists to plant false stories about candidate health and
finances.
A joint Google-Meta transparency report for Q4 2025
documented removal of 45,000 accounts tied to foreign influence, a 30 per cent
increase from 2024 peaks. Platforms have enhanced AI moderation, but experts
note that reduced government coordination hampers cross-sector responses.
Administration’s Stated Priorities and Alternatives
Trump administration officials have prioritised cyber
defences against Mexican cartels and Chinese economic espionage, launching
“Operation Southern Shield” in October 2025. The initiative disrupted
12 cartel dark web markets and seized $200 million in cryptocurrency, per
Treasury Department announcements. Press Secretary Karoline Leavitt stated on
22 January 2026 that “America’s elections are the most secure in the
world; we’re reallocating to protect citizens from invaders, not imaginary
trolls.”
DHS has partnered with private firms like Palantir for
predictive analytics on domestic extremism, which officials claim indirectly
bolsters election security by freeing resources. Noem testified before the
House on 25 January that state-level protections, enhanced by federal grants,
provide sufficient redundancy against foreign actors.
Implications for 2026 Midterms and Beyond
State election officials in 12 battleground states requested
federal cyber assistance in early January 2026, but CISA responded with
advisory materials rather than on-site teams. The National Governors
Association warned of resource strains, with Ohio Secretary of State Frank
LaRose noting a doubling of phishing attempts since mid-2025.
Intelligence Community assessments project heightened risks
for 2026 midterms, with adversaries exploiting perceived U.S. divisions on
trade, immigration, and foreign aid. Bipartisan calls for restoring election-specific
cyber units gained traction in a 27 January Senate hearing, though funding
remains stalled in conference committee.
