U.S. Says Russian Hackers Targeted State And Local Governments Ahead Of Election

Russian state-sponsored hackers have targeted dozens of U.S. state and local government networks in recent weeks and stole data from at least two servers, the U.S. government said.

In an advisory released on October 22, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) described a range of activity from Russia-backed hackers since at least September.

The agencies said that to date, there was no indication the hackers intentionally disrupted aviation, education, elections, or government operations.

“However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize” state and local governments, the agencies said.

The advisory did not mention who was targeted, saying only the campaign was against “a wide variety of U.S. targets.”

It said the hackers–identified as Berserk Bear, Energetic Bear, Dragonfly, and other names–successfully compromised network infrastructure and stole data from at least two servers.

The warning comes less than two weeks before the November 3 election and as U.S. authorities are on high alert for efforts by foreign countries to spread false information or interfere in the election.

The United States has said that Russia, which interfered in the 2016 election by hacking Democratic email accounts and through social media campaign, is trying to interfere again this year.

However, U.S. officials say that Americans can be confident in the electoral process and that it would be extremely difficult for malign cyber actors to influence vote tallies in any meaningful way.

The alert comes after U.S. officials on October 21 claimed both Iran and Russia had obtained American voter information and are attempting to influence public opinion ahead of the election.

The announcement at a rare news conference underscored the concern within the U.S. government about efforts by foreign countries to spread false information meant to suppress voter turnout and undermine American confidence in the vote.

U.S. Director of National Intelligence John Ratcliffe said Iran has been sending spoofed emails designed to intimidate voters, create social unrest, and damage President Donald Trump.

He said Iran was responsible for intimidating emails sent to Democratic voters in at least four battleground states including Florida and Pennsylvania.

The voter-intimidation operation apparently used email addresses obtained from state voter registration lists, which include party affiliation and home addresses and can include email addresses and phone numbers.

It wasn’t clear if the information was hacked or obtained another way, such as through criminal networks on the dark web. Some voter information is publicly available.

Ratcliffe said that U.S. intelligence has not observed the same action from Russia, but that “we are aware that they have obtained some voter information just as they did in 2016.”

Both Iran and Russian denied the U.S. claims.