The Federal Bureau of Investigation, shown, and the Cybersecurity and Infrastructure Security Agency said in a security alert that there is no evidence that any election data has been compromised.
Photo: Stefani Reynolds/Bloomberg News
Russian government hackers have targeted dozens of state and local government and aviation computer networks since last month and stolen data from at least two servers, actions that could presage efforts to undermine the election, two federal agencies said Thursday.
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said in a security alert that while there is no evidence that any election data has been compromised, the attacks may present “some risk” to election information housed on state and local government networks.
CISA’s top official, Christopher Krebs, said that the alert about Russian activity described a broad cyber campaign. “Our theory is that there’s broad scanning looking for vulnerabilities,” Mr. Krebs said. He added: “It’s an opportunistic activity. We don’t have any reason to believe they were looking for election infrastructure, election-related information. They just found themselves there.”
And Russia, he said, isn’t alone in trying to undermine the U.S. election. “Iran is very active. Russia isn’t quite as active,” he said.
The Russian hacking group linked to these attacks is known under various names including Energetic Bear and Dragonfly, the alert said. Government officials have previously linked the group to attacks on U.S. electrical infrastructure.
This actor “may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize [state and local] government entities,” the alert said.
Government officials are continuing to monitor the group’s ongoing hacking attempts, the alert said.
Russian officials have previously denied attempts to hack into U.S. computer networks. The Russian embassy in Washington, D.C., didn’t immediately respond to a request for comment.
The warning is the latest in a drumbeat of government alerts about possible election threats and comes a day after U.S. officials said that Iran and Russia are acting to influence public opinion during the presidential election.
The fact that this Russian hacking group has now apparently pivoted to attacking state and local government networks is concerning, said John Hultquist, senior director of analysis at FireEye Inc.’s Mandiant group, which has tracked the group for years as it has targeted energy companies. “They’re an actor that’s designed to get into sensitive areas and potentially has disruptive capabilities,” he said. “The good news is that we’ve not seen them in some position where they could change the election results.”
U.S. intelligence officials have generally viewed Russia as the most serious foreign threat to the 2020 presidential election, based on its success in 2016 and a number of warning signs that hackers have been targeting campaigns and American political groups in recent months. But some officials have expressed surprise in recent weeks that Moscow, by some measures, has been relatively quiet compared with four years ago, and that Iran has stepped up its interference ambitions instead.
The access described in the alert about the Russian hacking efforts didn’t have anything to do with the casting and counting of actual ballots, Mr. Krebs said.
“We still remain confident that no foreign cyber actor can change votes, and that it’d be incredibly difficult for them to manipulate the outcome of the election at the national level or in any particular state,” Ken Cuccinelli, the acting deputy secretary of the Department of Homeland Security, said at a press conference. “It doesn’t mean they won’t try to cause problems,” Mr. Cuccinelli added, mentioning possible disinformation threats.
Director of National Intelligence John Ratcliffe said Wednesday that Iran was behind a series of threatening emails sent to intimidate American voters. These emails appeared to be sent to sow division within the country, as they falsely claimed to be from a far-right group.
Mr. Ratcliffe described the activities so far as “desperate attempts by desperate adversaries.”
The U.S. Treasury Department responded Thursday by imposing sanctions against five Iranian groups it said were part of the effort. Treasury officials said the groups are owned or controlled by Iran’s Islamic Revolutionary Guard Corps, a military unit designated by the U.S. as a terror group.
The penalties were among a flurry of sanctions announced Thursday against Tehran and its ally in Lebanon, Hezbollah. Iranian officials didn’t immediately respond to a request for comment.
Corrections & Amplifications
An earlier version of this story misspelled the name of Christopher Krebs, the top official at the Cybersecurity and Infrastructure Security Agency. (10/23)
—Ian Talley and Dustin Volz contributed to this article.
Write to Robert McMillan at [email protected] and Alexa Corse at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Appeared in the October 23, 2020, print edition as ‘Agencies Say Russia Hacked City, State Networks.’
This post first appeared on wsj.com
