Hackers attempted to breach email accounts of election officials in 9 states, FBI says
By Sean Lyngaas, CNN
Unidentified hackers attempted to breach the email accounts of election officials in nine states last October in an apparent “coordinated effort” to target election officials, the FBI said Tuesday while asking election officials to be on the safe side. their guards against hacking attempts as the half-term approaches.
The phishing effort didn’t seem to have a big impact; some election officials who received the malicious emails told CNN they did not click on them. But it was a reminder of the cyber threats that election officials have to deal with during an election season.
“The FBI believes that cyber actors will likely continue or increase their targeting of US election officials with phishing campaigns in the run-up to the 2022 US midterm elections,” the FBI said in a public notice.
After Russian hackers targeted computer systems across the country during the 2016 election, federal, state and local authorities beefed up election infrastructure defenses. Russian and Iranian hackers were active in the 2020 election, which US officials have declared the most secure election in history.
It’s unclear who was responsible for the hacking effort the FBI cited on Tuesday. CNN has contacted the FBI for comment.
Last October’s malicious email campaign included fake invoices and was designed to steal email passwords from election officials. In one case, the hackers used a compromised email account of a US official to send the emails, according to the FBI.
National Association of Secretaries of State staff received a phishing email but did not click through and reported it to the Election Infrastructure Information Sharing and Analysis Center (EI- ISAC), which tracks hacking threats, according to NASS communications director Maria Benson. “ISIS-ISAC then shared [the information] with their networks like he’s supposed to,” Benson told CNN in an email.
An election official familiar with malicious emails said his state’s cybersecurity protection intercepted the emails so they could do no harm.
“It’s a good reminder that all it takes is one user accidentally clicking on a link for someone to” breach an email account, said the official, who spoke on condition of anonymity because he was not not allowed to speak to the press.
™ & © 2022 Cable News Network, Inc., a WarnerMedia company. All rights reserved.