Hackers attempted to hack into email accounts of election officials in 9 states, FBI says
The phishing effort didn’t seem to have a big impact; some election officials who received the malicious emails told CNN they did not click on them. But it was a reminder of the cyber threats that election officials have to deal with during an election season.
“The FBI believes that cyber actors will likely continue or increase their targeting of US election officials with phishing campaigns in the run-up to the 2022 US midterm elections,” the FBI said in a public notice.
After Russian hackers targeted computer systems across the country during the 2016 election, federal, state and local authorities beefed up election infrastructure defenses. Russian and Iranian hackers were active in the 2020 election, which US officials have declared the most secure election in history.
It’s unclear who was responsible for the hacking effort the FBI cited on Tuesday. CNN has contacted the FBI for comment.
Last October’s malicious email campaign included fake invoices and was designed to steal email passwords from election officials. In one case, the hackers used a compromised email account of a US official to send the emails, according to the FBI.
National Association of Secretaries of State staff received a phishing email but did not click through and reported it to the Election Infrastructure Information Sharing and Analysis Center (EI- ISAC), which tracks hacking threats, according to NASS communications director Maria Benson. “ISIS-ISAC then shared [the information] with their networks as it should be,” Benson told CNN in an email.
An election official familiar with malicious emails said his state’s cybersecurity protection intercepted the emails so they could do no harm.
“It’s a good reminder that all it takes is for a user to accidentally click on a link for someone” to breach an email account, said the manager, who spoke on condition of anonymity because he does not was not authorized to speak to the press.