U.S. Detects Rise in Russian, Iranian Hacks Before Elections

Published 23/10/2020, 09:37 am
© Bloomberg. WASHINGTON, DC - SEPTEMBER 28: An American flag is placed on a fence outside of the U.S. Capitol building on September 28, 2020 in Washington, DC. This week Seventh U.S. Circuit Court Judge Amy Coney Barrett, U.S. President Donald Trump's nominee to the Supreme Court, will begin meeting with Senators as she seeks to be confirmed before the presidential election. (Photo by Al Drago/Getty Images) Photographer: Al Drago/Getty Images North America
PFPT
-
MNDT
-

(Bloomberg) -- Russia has been targeting U.S. government agencies since at least September and may be planning more severe attacks in the days leading up to Election Day and even afterward, according to a cybersecurity advisory issued by a pair of U.S. agencies.

Russian state-sponsored operators have been targeting dozens of government and aviation networks, including successful attacks against two unnamed victims whose data was stolen as of Oct. 1, according to one of two guidances issued jointly by the FBI and the Cybersecurity Infrastructure Security Agency, known as CISA. There’s no evidence that the attacks have disrupted victims in aviation, education, elections or government, yet the agencies called for heightened awareness in case attackers return, especially in the days leading up to the Nov. 3 election.

“The actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize” local government entities, according to the advisory issued Thursday. “There may be some risk to elections information. However, the FBI and CISA have no evidence to date that integrity of data has been compromised.”

The Russian state-sponsored group is known by various nicknames, including Berserk Bear and Crouching Yeti.

The agencies issued another alert simultaneously, warning against malicious Iranian actors seeking to interfere and sow discord in the U.S. elections. Also state-sponsored hackers, these groups are creating fake media sites and spoofing legitimate media to spread “U.S. voter registration data, anti-American propaganda and misinformation,” according to the guidance.

The warnings came a day after Director of National Intelligence John Ratcliffe accused Iran of escalating efforts to interfere in the closing days of the presidential election, saying the Islamic Republic faked a series of intimidating messages to Democratic voters. While the email campaign -- which impersonated the right-wing Proud Boys group -- reached fewer than 3,000 users, according to cyber-researchers at Proofpoint (NASDAQ:PFPT) Inc., the attempt to interfere came amid heightened fears of nation-state meddling in the coming days.

These same Iranian actors are known for taking down websites, hacking databases and sending spear-phishing messages, which could render “these systems temporarily inaccessible to the public or election officials, which could slow, but not prevent, voting or the reporting of voting results,” read the joint statement.

In addition, the Treasury Department on Thursday sanctioned five Iranian entities for “having directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in the 2020 U.S. presidential election.” The sanctioned groups include the Islamic Revolutionary Guard Corps, the IRGC-Qods Force and Bayan Rasaneh Gostar Institute.

“The Iranian regime has targeted the United States’ electoral process with brazen attempts to sow discord among the voting populace by spreading disinformation online and executing malign influence operations aimed at misleading U.S. voters,” the department said in a statement.

The Russian hacking group named by CISA has been connected to breaches in the U.S., Europe and elsewhere, according to the cybersecurity firm FireEye (NASDAQ:FEYE) Inc.. They’re accused of hacking energy providers, water infrastructure, airports and an election-related organization in the last several years.

“We have actively tracked targeting of state and local systems by this actor in the lead up to the election,” said John Hultquist, a senior director at FireEye, in a statement. “Access to these systems could enable disruption or could be an end in itself, allowing the actor to seize on perceptions of election insecurity and undermine the democratic process.” He added that the firm has no evidence that the group has the capability to alter votes.

Earlier this month, CISA alerted the public of “malicious activity” targeting government networks at the federal, state and local level. “There may be some risk to elections information housed on government networks,” the agency warned at the time. “CISA is aware of some instances where this activity resulted in unauthorized access to elections support system.”

“The fact that these countries reportedly continue to engage in easily-compromised influence operations aimed at influencing U.S. and other elections tells you that the Western response to their past actions has failed to establish deterrence,” Norman Roule, a former senior U.S. intelligence officer, said of the Ratcliffe’s announcement on Wednesday. “Such operations have profound consequences that go beyond any one election and any single country.”

(Updates with Treasury sanctions in eighth paragraph)

©2020 Bloomberg L.P.

© Bloomberg. WASHINGTON, DC - SEPTEMBER 28: An American flag is placed on a fence outside of the U.S. Capitol building on September 28, 2020 in Washington, DC. This week Seventh U.S. Circuit Court Judge Amy Coney Barrett, U.S. President Donald Trump's nominee to the Supreme Court, will begin meeting with Senators as she seeks to be confirmed before the presidential election. (Photo by Al Drago/Getty Images) Photographer: Al Drago/Getty Images North America

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2025 - Fusion Media Limited. All Rights Reserved.