Iranian hackers probed election-related websites in 10 states, US officials say

Suspected Iranian hackers have probed the election-related websites of 10 states and, in one case, accessed voter registration data, federal personnel told election security officials on Friday.

The hackers were conducting broad scanning of state and local websites at the end of September, then attempted to exploit the websites and nab voter data, officials from the FBI and Department of Homeland Security said during a phone briefing. They successfully compromised one database, according to Jermaine Roebuck, an official at DHS’s Cybersecurity and Infrastructure Security Agency.

“We have confirmed that in at least one state the threat actor did obtain [access] to a voter registration database by abusing a website misconfiguration,” he said. “We are aware of the specific states that were targeted in this activity and we’re actively coordinating with those states currently to ensure proper remediation.”

The suspected Iranian hackers have been attempting to exploit known software vulnerabilities in their search for voter data, federal officials said. They did not say which states were targeted. An FBI official on the briefing said attackers had probed websites in 10 states.

“We weren’t able to attribute all of this activity to the same threat actor,” but there was overlap in IP addresses, IP ranges, virtual private network exit nodes, and other technical data, Roebuck said.

The briefing sheds more light on suspected Iranian efforts to interfere in the U.S. election. It follows a public accusation from American officials that Iran was behind an influence campaign involving phony emails threatening Democratic voters in Florida. U.S. officials said then that attackers had accessed some voter information, but they did not say how.

There is no evidence that any of the activity has affected voting procedures, and U.S. officials stressed that the integrity of the vote is protected. CISA and the FBI used the briefing to encourage state and local officials to harden their IT systems days before Election Day. “We know that activity is out there, we know the steps” you can take to address it, said Matt Masterson, a CISA senior adviser.

With voting underway across the country, U.S. officials have publicly attributed a series of foreign cyber campaigns related to the elections sector. It’s a federal effort to be more transparent about foreign threats compared to 2016, and at the same time reassure voters their ballots are being protected.

The FBI and CISA previously said that the Russian government-connected TEMP.Isotope hacking group, also known as Energetic Bear, was responsible for breaching some IT infrastructure used by state and local officials. Beyond assigning blame, U.S. officials have also taken action against alleged election-meddlers, including sanctions against Iranian organizations.

The Iranian Mission to the United Nations did not immediately respond to a request for comment on the allegations.

Tim Starks contributed reporting.