US officials confirm Iranian hackers stole voter data

Fancy Bear is seen in this photo illustration. The Russian hacker group APT28 is also known as Fancy Bear. Photo by Sean Gallup/Getty Images.

Nov 2, 2020

Iranian hackers who sent a barrage of threatening emails to US voters last month were successful in accessing voter data from at least one state, according to a joint statement issued late last Friday by the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Although the state was not identified, alleged personal details of Alaska voters were briefly flashed in a video released by the hackers. The video accompanied a campaign in which thousands of threatening emails, disguised as coming from a far-right pro-Trump group, were sent to US voters.

The security breach is the latest in a series of attempts targeting the 2020 US elections, US intelligence officials warned, a series that includes attempts to hit the campaigns of President Donald Trump and his opponent, Joe Biden.

Why it matters: During an impromptu press briefing Oct. 21, Director of National Intelligence John Ratcliffe announced the US government had determined Iran was behind an email campaign meant to intimidate voters and that some voter registration information was obtained by Iran, although no more details were provided. Attribution of attacks can sometimes take years. However, in the case of October’s incident, federal officials needed only days.

“We are standing before you now to give you the confidence that we are on top of this and providing you with the most powerful weapon we have to combat these efforts, the truth, information,” Ratcliffe said.

A week later, a CISA advisory confirmed the Iranian hackers attempted to obtain copies of voter registration data between Sept. 29 and Oct. 17. CISA and the FBI said the hackers also scanned other states' election sites for vulnerabilities. Ten states were scanned in total, according to Cyberscoop, although no other breaches were reported.

Earlier that same day, it was revealed that Russian hackers targeted California's and Indiana’s Democratic Party branches as well as think tanks in Washington and New York, according to Reuters. Those attacks were carried out by a group called Fancy Bear (also known as Strontium), which is controlled by Russia’s military intelligence agency. The group was found responsible for hacking the email accounts of Hillary Clinton’s staff leading up to the 2016 election, according to a Department of Justice indictment filed in 2018.

In September, Microsoft Corp announced that Fancy Bear attempted to intrude on more than 200 organizations, many of which were purportedly tied to the 2020 elections.

What’s next: Fancy Bear joins a list of state actors making waves before the US presidential election. A group operating out of Iran referred to as Phosphorus has repeatedly targeted personal accounts of individuals associated with Trump’s campaign, a report from Microsoft’s Threat Intelligence Center found in October. Between May and June 2020, the group unsuccessfully attempted to log into accounts of administration officials and Trump campaign staffers. And China-based Zirconium has hit high-profile individuals associated with the election, including people associated with Biden and members of the international affairs community. Researchers say the attacks are attempts to inspire confusion about and distrust of the entire 2020 election.

Know more: Al-Monitor reviews last month’s removal by Facebook of a network originating from Iran that targeted the United States.
