Hackers, possibly nation-state actors, have penetrated U.S. government networks and accessed election systems, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said in a joint alert.
In some cases, there was unauthorized access to election support systems, CISA added.
The agency, which is part of the Department of Homeland Security, explained there is no evidence so far that the integrity of elections data was compromised and that “it does not appear these targets are being selected because of their proximity to elections information.”
CISA did intimate that election system data could be compromised, noting “there are steps that election officials, their supporting … IT staff, and vendors can take to help defend against this malicious cyber activity.”
Hackers got access via a combination of vulnerabilities — what CISA calls “vulnerability chaining.” It is a commonly used tactic and in this case targeted federal and state, local, tribal, and territorial (SLTT) government networks, critical infrastructure, and elections organizations.
The hackers targeted a Virtual Private Network (VPN) vulnerability and a flaw in Netlogon, a Windows protocol to authenticate users.
“Patches are available for all of the vulnerabilities referenced in the joint cybersecurity advisory from CISA and the FBI,” Tenable, a cybersecurity company, said in a statement sent to Fox News. “Most of the vulnerabilities had patches available for them following their disclosure.”
The alert did not state explicitly who the bad actors were, only referring to them as “advanced persistent threat (APT) actors.” But that is a term often reserved for state-sponsored hacking groups, according to experts.
In October, Microsoft’s Security Intelligence team cited a campaign leveraging one of the bugs from a threat actor known as CHIMBORAZO, also known as TA505, a “financially motivated nation-state actor,” according to an analysis of the alert by Tenable.
In September, Microsoft said it detected Russian, Chinese and Iranian actors targeting the 2020 U.S. elections.
“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported,” Microsoft said at the time, citing a statement by the National Counterintelligence and Security Center Director William Evanina.