The Russian government is behind a recent campaign of cyberattacks on state and local governments and aviation networks that has stolen data from at least two victims, federal officials said Thursday in the latest public alarm about foreign hackers’ efforts in the run-up to Election Day.
A Russian hacking team best known for attacks on energy companies “has conducted a campaign against a wide variety of U.S. targets” including “dozens” of state and local governments, the FBI and DHS’s Cybersecurity and Infrastructure Security Agency said in an alert.
But while the hackers have “exfiltrated data from at least two victim servers,” the agencies said they saw no indication that the intruders had “intentionally disrupted any aviation, education, elections, or government operations.”
In addition, they said, while “there may be some risk to elections information” because the hackers are targeting state and local networks, the intelligence community has “no evidence … that integrity of elections data has been compromised.”
Instead, according to the advisory, the Russians’ goal may be to maintain footholds in U.S. computer networks so they can steal and release documents later as part of a campaign to influence or undermine the American political process.
Hackers in Russian military intelligence infiltrated multiple state and local election offices during the 2016 campaign, U.S. investigators later revealed, saying the thefts included sensitive information on about 500,000 voters. At the time, federal officials said they had no indication that the hacks had altered the results or interfered with the election.
Thursday’s revelation that Russia has once again breached U.S. networks that could include state and local governments comes one day after the Trump administration highlighted the Iranian regime’s alleged role in a series of emails threatening Americans to vote for President Donald Trump.
U.S. intelligence analysts monitoring Russian networks have concluded that Moscow may use access to state and local networks to sow chaos if the election remains unresolved after polls close, The New York Times reported Thursday afternoon.
“Officials did not make clear what Russia planned to do, but they said its operations would be intended to help President Trump, potentially by exacerbating disputes around the results, especially if the race is too close to call,” the newspaper reported.
Energetic Bear, which has operated since at least 2010, is best known among security researchers for its intrusions into European energy companies, including firms in the oil, gas and electric sectors. In recent years, however, it has expanded its attacks to the nuclear, manufacturing and aviation industries. In April, it hacked San Francisco International Airport’s websites to plant code that would steal login credentials.
The FBI and CISA initially disclosed on Oct. 9 that sophisticated hackers were targeting state and local governments and had gained “unauthorized access to elections support systems,” but at the time they did not attribute the activity to Russia.
The federal alerts have not identified the state or local governments targeted in the attacks, although The Washington Post reported Thursday night that they included “at least two county systems in California and Indiana.”
Officials in some states, including California, said in interviews Thursday that they have received no warnings from Washington they had been targeted in the latest Russian campaign.
“Elections officials will remain vigilant to any threats as they develop,” said a statement from California Secretary of State Alex Padilla, whose office oversees elections in the state.
In a separate alert on Thursday, the two agencies reported that Iran was creating fake news websites and spoofing real media organizations as part of a disinformation campaign aimed at undermining confidence in the election.