The Cyber War on Democracy: Lessons from the 2024 RNC Email Hack

In July 2024, as the Republican National Committee (RNC) geared up for its national convention in Milwaukee, Chinese hackers infiltrated the RNC’s email system.  According to The Wall Street Journal, attackers maintained access for several months, trying to get their hands on intelligence on how the GOP planned to address Taiwan in its party platform. 

Microsoft alerted top party officials about the breach, yet RNC leadership, including Trump campaign co-chair Chris LaCivita, chose not to inform the FBI, fearing leaks in the media. 

The previously unreported incident, says the WSJ, will be revealed in Politico’s National Political Reporter Alex Isenstadt’s upcoming book, “Revenge: The Inside Story of Trump’s Return to Power,” slated for launch in March.

Subverting Democracy Through Manipulation

This breach is part of an insidious and troubling rise in subversion in which nation-state adversaries target political entities to perform reconnaissance, manipulate public perception, and sway democratic processes. The RNC incident, like previous cyber intrusions, highlights that if we want to protect democracy, urgent intervention in the form of stronger cybersecurity measures is critical.

Cyber interference in democratic elections is far from new. We’ve seen a slew of elections worldwide targeted by state-sponsored entities looking to manipulate outcomes, sow discord, or gather intelligence. At times, these attacks involve cyber espionage; other times, vast disinformation campaigns run by armies of bots on social media and even brazen breaches of political parties’ systems. 

Some of the most well-documented examples include:

The 2016 US Presidential Election

Russian cyber actors carried out one of the most infamous cases of election interference in modern history. A Russian-backed hacking group called Fancy Bear or APT28 got a foothold in the Democratic National Committee (DNC) and Clinton campaign emails. 

The purloined data was later published via WikiLeaks to influence voter perceptions. The US intelligence community concluded that Russia’s aim was to weaken trust in the electoral process and damage Hillary Clinton’s candidacy. 

Moreover, Time reported that Russian actors spread propaganda on Twitter, Facebook, YouTube, and Instagram, staged rallies in Florida and Pennsylvania, arranged meetings with members of the Trump campaign and its associates, and proposed a business deal for a Moscow skyscraper to the Trump Organization. 

The 2020 US Presidential Election

Despite more (and better) cybersecurity measures, the 2020 election still faced interference attempts from Russia, China, and Iran. Reports from the Cybersecurity and Infrastructure Security Agency (CISA) indicated that these countries conducted cyber operations to undermine voter confidence, influence public opinion, and spread disinformation. Two Iranian nationals were charged in this instance.

While these efforts were less disruptive than in 2016, they reinforced the persistence of foreign election meddling.

The 2024 Romanian Presidential Election

In December 2024, Romania’s constitutional court annulled the first round of its presidential elections thanks to suspicions that Russia had been up to its old tricks. The Kremlin was unsurprisingly accused of backing a far-right candidate, Călin Georgescu, using cyber operations and a vast disinformation campaign spread on TikTok. This incident made it clear that Russia’s continued efforts to destabilize democratic processes aren’t just eyeing the US but Eastern Europe, too.

The Puppeteers of Cyber Interference

State-sponsored cyber interference is typically carried out by nation-states with strategic interests in undermining democracy or influencing foreign policy. The primary actors involved include:

Russia

Russia has been the biggest and most aggressive culprit in election interference, using every trick at its disposal. Russian cyber groups like Fancy Bear (APT28) and Cozy Bear (APT29) have targeted elections across the globe, often aligning with the Kremlin’s foreign policy goals. It appears their aim is to weaken adversaries, advance their allies, deepen political divisions, and undermine democratic institutions. (ASPI)

China

China is far from innocent, either. Moving in the shadows, its cyber activities have centered on intelligence-gathering rather than direct or blatant electoral manipulation. The RNC email event highlights China’s interest in understanding and potentially influencing US foreign policy decisions. The country has also been linked to cyber campaigns targeting politicians and government agencies in Australia and the UK. 

Iran

Iranian cyber actors, as mentioned, have carried out operations hoping to disrupt elections and spread fake news. In 2020, Iranian hackers were accused of targeting Trump campaign officials and spreading false narratives intended to inflame political tensions.

Securing the Vote

The growing sophistication of election interference needs a multi-pronged response. Governments, political entities, and citizens must adopt proactive measures to safeguard democracy from cyber threats. Key strategies include:

Raising the Cybersecurity Bar

Political organizations should implement stringent cybersecurity protocols, including:

Fueling International Cooperation

Because cyber threats are a global challenge that requires coordinated international action, nations must act for the greater good and work together on the following:

Navigating the Information Age

Disinformation efforts exploit public vulnerabilities by appealing to our natural biases and personal prejudices. They take advantage of our emotions, fears, and pre-existing beliefs. These campaigns are designed to manipulate individuals into accepting misleading narratives or falsehoods, often using sophistry—deceptive arguments that appear logical but are fundamentally flawed. 

To fight this scourge, developing critical thinking skills, promoting media literacy, and fueling a more informed public that can tell the wheat from the chaff, and discern between credible information and manipulative rhetoric is key, although probably unattainable. 

To combat disinformation campaigns, educational initiatives should teach citizens how to identify disinformation, fact-checking bodies should counter false narratives, and social media platforms should enforce transparency in political advertising and block fake news. However, a massive blow was dealt to the latter earlier this year when Meta announced it would end fact-checking on its platforms.

Demanding Accountability from Tech Companies 

Social media and technology firms play a critical role in preventing election interference and need to be held accountable for enabling this at every level. Governments and regulators must:

• Require platforms to detect and remove foreign disinformation campaigns

• Mandate disclosure of political ad funding as well as sources

• Develop AI-driven monitoring tools to flag coordinated misinformation efforts

Defending the Integrity of Elections

The 2024 RNC email attack is yet another reminder that cyber threats to democracy are a clear and present danger. At a time of unprecedented geopolitical uncertainty, with foreign actors honing their methods, democratic institutions have no choice but to stay vigilant. 

Strengthening cybersecurity, fighting for international cooperation, promoting public awareness, and holding technology companies accountable will help defend the integrity of elections everywhere.  

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.