U.S. Says Russian Hackers Targeted State, Local Governments Ahead Of Election
Russian state-sponsored hackers have targeted dozens of U.S. state and local government networks in recent weeks and stolen data from at least two servers, the U.S. government says.
In an advisory released on October 22, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) described a range of activity from Russian-backed hackers since at least September.
The agencies said that to date, there was no indication the hackers intentionally disrupted aviation, education, elections, or government operations.
“However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize” state and local governments, the agencies said.
The advisory did not mention who was targeted, saying only the campaign was against “a wide variety of U.S. targets.”
It said the hackers — identified as Berserk Bear, Energetic Bear, Dragonfly, and other names — had successfully compromised network infrastructure and stolen data from at least two servers.
The warning comes less than two weeks before the November 3 election and as U.S. authorities are on high alert for efforts by foreign countries to spread false information or interfere in the election.
The United States has said that Russia, which interfered in the 2016 election by hacking Democratic Party e-mail accounts and through social-media campaigns, is trying to interfere again this year.
However, U.S. officials say that Americans can be confident in the electoral process and that it would be extremely difficult for malign cyber-actors to influence vote tallies in any meaningful way.
The alert comes after U.S. officials on October 21 claimed both Iran and Russia had obtained U.S. voter information and were attempting to influence public opinion ahead of the election.
The announcement at a rare news conference underscored the concern within the U.S. government about efforts by foreign countries to spread false information meant to suppress voter turnout and undermine Americans’ confidence in the vote.
U.S. Director of National Intelligence John Ratcliffe said Iran had been sending spoofed e-mails designed to intimidate voters, create social unrest, and damage President Donald Trump.
He said Iran was responsible for intimidating e-mails sent to Democratic voters in at least four battleground states, including Florida and Pennsylvania.
The voter-intimidation operation apparently used e-mail addresses obtained from state voter-registration lists, which include party affiliation and home addresses and can include e-mail addresses and phone numbers.
It wasn’t clear if the information was hacked or obtained another way, such as through criminal networks on the dark web. Some voter information is publicly available.
Ratcliffe said that U.S. intelligence had not observed the same action from Russia, but that “we are aware that they have obtained some voter information just as they did in 2016.”
Both Iran and Russia have denied the U.S. claims.