Suspected Iranian Actors Pushing Domestic Extremists to Target U.S. Politicians and Electoral Security Officials

The Mid-December “Enemies of the People” Campaign Persists

Amid fears of America’s adversaries twisting allegations of election fraud to their advantage, a disturbing online campaign surfaced last month—under the slogan “Enemies of the People” (EOTP)—that issued a series of death threats to those accused of failing to offer more fulsome support in efforts to overturn the results of the presidential election. Now there is mounting evidence that EOTP was actually an elaborate disinformation effort carried out by hostile foreign actors.

The EOTP campaign was launched via a series of websites and a corresponding Telegram chat service channel that released doxed profiles with personally identifiable information (PII) of targeted “enemies,” including personally identifiable information such as email and physical addresses. Each target profile featured a timer labeled “Your days are numbered,” with the timers set to expire at different times. The target profiles also had a “personal data” progress bar, but there was no information indicating the meaning of this bar. The websites even solicited visitors to make suggestions for new targets—in addition to the initial list that focused on employees of Dominion Voting Systems, various elected officials from key swing states, and high-profile members of the US Cybersecurity and Infrastructure Security Agency (CISA). A bitcoin address associated with the campaign appears to have accumulated the equivalent of $15,000 in donations from online supporters.

For unknown reasons, the timers on each EOTP target were all set to expire by, at latest, December 22 at approximately 6:43 AM EST (though many were set to expire earlier than that).  Fortunately, all of the countdown timers expired without any of the targets apparently being the victim of an act of violence.  Nonetheless, the mysterious campaign raised questions about who was responsible for it and what exactly they intended to accomplish.

Figure 1: Recently-Launched “Enemies of the People” Campaign Website

FBI and CISA Link EOTP Campaign to Iranian Actors

On December 23, the FBI issued a public alert warning that it and CISA “possess highly credible information indicating Iranian cyber actors almost certainly were responsible for the creation of a website called Enemies of the People” and that the EOTP “website demonstrates an ongoing Iranian intent to create divisions and mistrust in the United States and undermine public confidence in the U.S. electoral process.”

On January 3, the shadowy creators of the EOTP campaign attempted to push back against the allegations of the FBI and CISA, issuing a response that insisted, “we’re not Iranian.  We are Americans who, for obvious reasons, need to conceal our whereabouts… We don’t know why they decided to blame Iran… This is clearly a distraction of some sort… They say our website originated in Iran, yet offer zero proof.”  

Disinformation Campaigns Pose Serious Threat to US National Security

Given the degree of confidence in the conclusions of the FBI and CISA, this EOTP campaign represents strong evidence of hostile foreign powers actually carrying out coordinated disinformation campaigns intended to create or amplify U.S. political instability.  What is especially concerning, in this case, is twofold: a) that rogue regimes are brazen enough to publicly target high-profile citizens and government personnel, and b) the degree to which the US remains vulnerable to foreign actors who weaponize social media in order to mobilize unwitting US domestic extremists and sway them to carry out violent attacks from afar.

The Iranian EOTP Cyber Threat is Ongoing, Post-Inauguration

Only days ago, the FBI issued yet another bulletin advising that “Iranian cyber actors are continuing their ‘Enemies of the People’ online operations… The Iranian cyber actors have sought to intimidate some of the officials with direct threats, including an image of an apparent text communication between the EOTP actors and an unidentified individual in the United States purportedly supporting the operation.”  The FBI further warned:

“Individuals in the United States intent on disrupting the peaceful transition of power potentially may be inspired by and act upon these influence efforts to harass, harm, threaten, or attack individuals specifically identified.” 

The alert also identified several online identities tied to the operation that are “either disseminating threatening messages or amplifying the EOTP campaign”–including four accounts from the controversial Parler chat service. 

Lone-Wolf Domestic Extremist Threats Remain Active

In part due to extremist programming through disinformation campaigns, such as this “Enemies of the People” campaign, Flashpoint Finished Intelligence suggests that lone-wolf domestic extremist actors remain motivated to take action and carry out acts of disruption and violence even despite the successfully peaceful Joe Biden inauguration and the departure of now former President Donald Trump.

Go Deeper with Flashpoint

When you sign up for our 90-day risk-free trial, you immediately gain access to all Flashpoint threat data, along with our finished intelligence reports, and more.