Hackers tried to breach email accounts of election officials in 9 states, FBI says
Election officials begin counting absentee ballots on November 3
By Sean Lyngaas, CNN
Unidentified hackers tried to breach the email accounts of election officials in nine states last October in an apparent “coordinated effort” to target election officials, the FBI said Tuesday while asking election officials to be on guard for hacking attempts as the midterms approach.
The phishing effort didn’t appear to have a big impact; some election officials who received the malicious emails told CNN that they did not click on them. But it was a reminder of cyber threats that election officials have to contend with in an election season.
“The FBI judges cyber actors will likely continue or increase their targeting of US election officials with phishing campaigns in the lead-up to the 2022 US midterm elections,” the FBI said in a public advisory.
After Russian hackers targeted IT systems across the country in the 2016 election, federal and state and local officials have bolstered defenses to election infrastructure. Russian and Iranian hackers were active during the 2020 election, which US officials declared the most secure election in history.
It’s unclear who was responsible for the hacking effort that the FBI cited Tuesday. CNN has reached out to the FBI for comment.
The malicious email campaign last October included fake invoices and were designed to steal the email passwords of election officials. In one case, the hackers used a compromised email account of a US official to send the emails, according to the FBI.
Staff at the National Association of Secretaries of State received a phishing email, but did not click and reported it to the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), which tracks hacking threats, according to NASS communications director Maria Benson. “The EI-ISAC then shared [the information] with their networks as it is supposed to,” Benson told CNN in an email.
One election official familiar with the malicious emails said their state’s cybersecurity protection intercepted the emails so they couldn’t do any harm.
“It’s a good reminder that it only takes a user accidentally clicking on one link for someone” to breach an email account, said the official, who spoke on the condition of anonymity because they were not authorized to speak to the press.
The-CNN-Wire
™ & © 2022 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.
