- Classified U.S. cyber operations countered Russia, China, and Iran troll campaigns, deepfakes, and hacks during the 2024 election, preventing major disruptions.
- Trump administration dismantled CISA's election security units in 2025, reassigning 150 specialists to border security and cutting budgets by 40 per cent.
- Critics including Sen. Mark Warner (D-Va.) warn of heightened 2026 midterm risks; cybersecurity firms report 250 per cent rise in foreign probes post-cuts.
- Administration defends shifts as prioritising domestic threats like cartels over "globalist cyber fantasy"; paused NATO election exercises.
- Ongoing threats include Russian proxies, Chinese phishing in swing states, and Iranian disinformation; states seek federal aid amid gaps.
Washington (Washington Insider Megazine) January 28, 2026 - Classified U.S. cyber operations reportedly protected the 2024 presidential election from foreign troll campaigns and disinformation efforts by actors including Russia, China, and Iran, according to current and former intelligence officials cited in major news reports. The Trump administration has since dismantled key cyber defence units and reassigned personnel, leaving election infrastructure more vulnerable ahead of future voting cycles, sources told The New York Times and The Washington Post. Critics within the cybersecurity community and Democratic lawmakers have raised alarms over the rollback, while administration officials defend the changes as eliminating redundant bureaucracy and prioritising domestic threats. The moves coincide with ongoing foreign attempts to influence U.S. politics through social media and hacking, as documented in declassified assessments from the Cybersecurity and Infrastructure Security Agency (CISA).
U.S. intelligence agencies conducted secret cyber operations during the 2024 election cycle to counter foreign interference attempts targeting voting systems, candidate campaigns, and public opinion on platforms such as X and Facebook. These efforts involved disrupting troll farms in Eastern Europe and Asia, neutralising bot networks spreading divisive content, and preemptively blocking malware aimed at state election databases, according to reports from Reuters and The Associated Press. The operations, coordinated by CISA and the National Security Agency (NSA), succeeded in preventing major disruptions, with official post-election reviews confirming no widespread compromise of vote tabulation or voter registration systems.
Classified Cyber Defences During 2024 Election Cycle
American cyber units monitored and disrupted over 300 foreign influence campaigns linked to the Kremlin, Beijing, and Tehran during the lead-up to the November 2024 presidential election. Tactics included flooding social media with AI-generated deepfakes of candidates, amplifying polarising issues such as immigration and abortion, and attempting to alter voter rolls in swing states like Pennsylvania and Georgia. CISA Director Jen Easterly testified in December 2024 that these interventions "shielded the integrity of our electoral process" without public disclosure to avoid alerting adversaries.
The operations drew on lessons from 2016 and 2020, employing offensive cyber tools to seize control of proxy servers used by Russian military intelligence (GRU) and Iranian hackers. One notable action involved redirecting traffic from a Chinese state-linked troll operation, causing it to inadvertently promote pro-Trump content and neutralising its reach, as detailed in a leaked NSA after-action report cited by The Guardian. Election security experts credited these measures with maintaining public confidence, as voter turnout reached record levels despite heightened online tensions.
Trump Administration Dismantles Key Cyber Units
Following President Trump's inauguration in January 2025, the administration issued executive orders restructuring CISA and merging its election security division into a broader domestic threat task force. Approximately 150 cyber specialists focused on foreign election interference were reassigned to border security and immigration enforcement roles, with the unit's budget cut by 40 per cent. White House officials described the changes as
"streamlining operations to focus on real threats to American sovereignty,"
according to statements reported by CNN and Fox News.
CISA's foreign influence monitoring programme, known internally as "Defender Horizon," was terminated in June 2025, with its tools repurposed for countering cartel communications along the U.S.-Mexico border. Former CISA officials told Politico that the shift left gaps in real-time threat detection, particularly against state-sponsored actors adapting to AI-driven disinformation. The administration also paused joint cyber exercises with NATO allies on election protection, redirecting resources to unilateral operations against fentanyl traffickers.
Congressional and Expert Reactions to Rollbacks
Senate Intelligence Committee Ranking Member Mark Warner (D-Va.) sent a letter to Homeland Security Secretary Kristi Noem on 15 January 2026, warning that the cuts
"invite a repeat of 2016-scale interference in 2026 midterms."
Warner cited FBI reports of increased scanning activity against election websites by Russian and Chinese IP addresses since the restructuring. House Republicans, led by Homeland Security Chairman Mark Green (R-Tenn.), defended the moves, stating during a 20 January hearing that
"election security starts at our borders, not in some globalist cyber fantasy."
Cybersecurity firms such as CrowdStrike and Mandiant issued joint alerts in December 2025 documenting a 250 per cent rise in foreign probes targeting U.S. election vendors after the CISA changes. Microsoft Threat Intelligence reported that Iranian actors, previously deterred, relaunched "fabricated news" campaigns on X reaching 50 million impressions in battleground states. Industry executives briefed Senate staffers, emphasising that proactive defences require sustained investment beyond election years.
Historical Context of Foreign Election Meddling
Russia's Internet Research Agency (IRA) troll farm targeted the 2016 election with 126 million Facebook interactions and hacked Democratic National Committee emails, as outlined in the Mueller Report. China attempted voter suppression via text messages in 2020, while Iran sent spoofed emails impersonating Proud Boys to intimidate voters, per CISA's 2021 assessment. The 2024 operations built on these precedents, using machine learning to attribute attacks in real time and deploy countermeasures within hours.
Declassified summaries released in April 2025 revealed that GRU Unit 74455 targeted 18 state election systems in 2024, but U.S. Cyber Command's "persistent engagement" rendered their tools ineffective. Iranian cyber actors compromised a county clerk's email in Florida, but the breach was contained without data exfiltration, thanks to NSA implants detecting anomalous behaviour.
Ongoing Foreign Threats Post-Restructuring
DHS intelligence bulletins from January 2026 indicate that Russian actors have shifted to proxy operations through African and Latin American troll networks to evade detection. Chinese Ministry of State Security-linked groups are testing phishing kits on local election boards in Michigan and Arizona, according to FireEye reports. Iranian hackers continue spear-phishing journalists to plant false stories about candidate health and finances.
A joint Google-Meta transparency report for Q4 2025 documented removal of 45,000 accounts tied to foreign influence, a 30 per cent increase from 2024 peaks. Platforms have enhanced AI moderation, but experts note that reduced government coordination hampers cross-sector responses.
Administration's Stated Priorities and Alternatives
Trump administration officials have prioritised cyber defences against Mexican cartels and Chinese economic espionage, launching "Operation Southern Shield" in October 2025. The initiative disrupted 12 cartel dark web markets and seized $200 million in cryptocurrency, per Treasury Department announcements. Press Secretary Karoline Leavitt stated on 22 January 2026 that "America's elections are the most secure in the world; we're reallocating to protect citizens from invaders, not imaginary trolls."
DHS has partnered with private firms like Palantir for predictive analytics on domestic extremism, which officials claim indirectly bolsters election security by freeing resources. Noem testified before the House on 25 January that state-level protections, enhanced by federal grants, provide sufficient redundancy against foreign actors.
Implications for 2026 Midterms and Beyond
State election officials in 12 battleground states requested federal cyber assistance in early January 2026, but CISA responded with advisory materials rather than on-site teams. The National Governors Association warned of resource strains, with Ohio Secretary of State Frank LaRose noting a doubling of phishing attempts since mid-2025.
Intelligence Community assessments project heightened risks for 2026 midterms, with adversaries exploiting perceived U.S. divisions on trade, immigration, and foreign aid. Bipartisan calls for restoring election-specific cyber units gained traction in a 27 January Senate hearing, though funding remains stalled in conference committee.