U.S.: Russian hackers targeting state, local governments on eve of election

The Russian government is behind a recent campaign of cyberattacks on state and local governments and aviation networks that has stolen data from at least two victims, federal officials said Thursday in the latest public alarm about foreign hackers’ efforts in the run-up to Election Day.

A Russian hacking team best known for attacks on energy companies “has conducted a campaign against a wide variety of U.S. targets” including “dozens” of state and local governments, the FBI and DHS’s Cybersecurity and Infrastructure Security Agency said in an alert.

But while the hackers have “exfiltrated data from at least two victim servers,” the agencies said they saw no indication that the intruders had “intentionally disrupted any aviation, education, elections, or government operations.”

In addition, they said, while “there may be some risk to elections information” because the hackers are targeting state and local networks, the intelligence community has “no evidence … that integrity of elections data has been compromised.”

Instead, according to the advisory, the Russians’ goal may be to maintain footholds in U.S. computer networks so they can steal and release documents later as part of a campaign to influence or undermine the American political process.

The revelation that Russia has once again breached U.S. networks that could include state and local governments comes one day after the Trump administration highlighted the Iranian regime’s alleged role in a series of threatening emails telling Americans to vote for President Donald Trump.

U.S. intelligence analysts monitoring Russian networks have concluded that Moscow may use access to state and local networks to sow chaos if the election remains unresolved after polls close, The New York Times reported Thursday afternoon.

“Officials did not make clear what Russia planned to do, but they said its operations would be intended to help President Trump, potentially by exacerbating disputes around the results, especially if the race is too close to call,” the newspaper reported.

The hacking team, known as Energetic Bear, has operated since at least 2010 and is best known among security researchers for its intrusions into European energy companies, including firms in the oil, gas and electric sectors. In recent years, however, it has expanded its attacks to the nuclear, manufacturing and aviation industries. In April, it hacked San Francisco International Airport’s websites to plant code that would steal login credentials.

The FBI and CISA initially disclosed on Oct. 9 that sophisticated hackers were targeting state and local governments and had gained “unauthorized access to elections support systems,” but at the time they did not attribute the activity to Russia.

In a separate alert on Thursday, the two agencies reported that Iran was creating fake news websites and spoofing real media organizations as part of a disinformation campaign aimed at undermining confidence in the election.

