U.S. officials said Thursday that Russian hackers have targeted the networks of dozens of state and local governments in the United States in recent days, stealing data from at least two servers. The warning, less than two weeks before the election, amplified fears of the potential for tampering with the vote and undermining confidence in the results.
The alert describes an onslaught of activity in recent days from Russian state-sponsored hacking groups against state and local networks, some of which were successfully compromised. The advisory from the FBI and the Department of Homeland Security’s cybersecurity agency functions as a reminder of Russia’s potent capabilities and ongoing interference in the election even after U.S. officials publicly called out Iran at a news conference on Wednesday night.
The advisory does not mention any of the specific victims who were targeted, but officials say they have no information that any election or government operations have been affected or that the integrity of elections data has been compromised.
“However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize (state and local) government entities,” the advisory said.
U.S. officials have repeatedly said it would be extremely difficult for hackers to alter vote tallies in a meaningful way, but they have warned about other methods of interference that could include cyberattacks on networks to impede the voting process or the production of spoofed websites or other faked content aimed at causing voters to mistrust the results.
A broad concern, particularly at the local government level, has been that hackers could infiltrate a county network and then work their way over to election-related systems unless certain defenses, such as firewalls, are in place. This is especially true for smaller counties that don’t have as much money and IT support as their bigger counterparts to fund security upgrades.
U.S. officials warned at a hastily called news conference Wednesday night that Russia and Iran had obtained voting registration information, though such data is sometimes publicly accessible. But most of the focus of that event was on Iran, which officials linked to a series of menacing but fake emails aimed at intimidating voters in multiple battleground states.
Despite that activity, Russia is widely regarded in the cybersecurity community as the bigger threat to the election. The U.S. has said that Russia, which interfered in the 2016 election by hacking Democratic email accounts, is interfering again this year in part through a concerted effort to denigrate U.S. President Donald Trump’s Democratic opponent, Joe Biden.
U.S. officials attribute the activity to a state-sponsored hacking group variously known as DragonFly and Energetic Bear in the cybersecurity community. The group appears to have been in operation since at least 2011 and is known to have engaged in cyberespionage on energy companies and power grid operators in the U.S. and Europe, as well as on defense and aviation companies.
Chris Krebs, director of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said Thursday that the alert was issued in regard to scanning of county networks for vulnerabilities, not specifically targeting the elections. “There was access in a couple limited cases to an election related network,” he said.