Hackers targeted US election officials with phishing email campaign, according to FBI
Federal law enforcement advisory warns ‘concerted effort’ will likely continue during 2022 midterms
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Hackers likely targeted US election officials with an invoice-themed phishing email campaign in an attempt to gain access to their systems, according to the FBI.
An advisory issued by the bureau this week warns election administrators and state and local government officials about a malicious email scheme that federal law enforcement believes is part of a “concerted effort to target US election officials.”
Similar threats “will likely continue or increase their targeting of US election officials with phishing campaigns in the lead-up to the 2022 US midterm elections,” according to the FBI.
On 5 October, 2021, “unidentified cyber actors” targeted election officials in at least nine states as well as members of the National Association of Secretaries of State with an email phishing scam using an “INVOICE INQUIRY.PDF” attachment that redirected recipients to a “credential-harvesting” website, according to law enforcement.
At least one of the email addresses used to send the phishing emails was a compromised US government account.
On 18 October, 2021, two email addresses that appeared to be connected to US businesses sent phishing emails to county-level election workers, with false Microsoft Word document attachments
The next day, another email address purportedly from a US business sent a phishing email to another election official with a Word document titled “Current Invoice and Payments for report.”
After Russian hackers targeted information technology systems across the US throughout 2016 elections, federal and state officials have sought to bolster their election infrastructure against potential attacks.
Bryan Vorndran, assistant director of the FBI’s cyber division, told the House Judiciary Committee this week that the agency continues to investigate and share information regarding suspicious cyber activity with election workers, stressing that “cyber hygiene and defense are critical, no matter which actor or method worries us the most.”
“We know our adversaries will continue to target election-related networks and systems again and again using the same unpatched vulnerabilities, by guessing simple passwords, and by spear phishing,” he said on 29 March. “That is why it is critical to maintain close collaboration with election officials, political organizations, candidates, social media and tech companies, and technical defenders.”
It is unclear who is responsible for the attacks that prompted FBI warnings this week.
The FBI’s advisory follows reports of threats and harassment aimed at election workers and administrators leading up to and following 2020 elections.
One in six election workers have experienced threats because of their job, reflecting a similar rate from 2021, despite assurance from the US Department of Justice to “vigorously prosecute” offenders with the creation of an elections task force last summer, according to a survey from the Brennan Center for Justice.
More than half of poll respondents reported harassment on the phone, on social media or on the job.
Nearly three-quarters of respondents were concerned for the safety of their colleagues, while 65 per cent fear in-person abuse, and 63 per cent feared harassment over the phone.
More than three-quarters of respondents said threats against them have increased in recent years.
The Justice Department launched its election task force last year to investigate and prosecute threats against election workers.
It made its first public indictment in January 2022, charging a Texas man accused of using Craigslist to issue a call for “Georgia Patriots” to “put a bullet” in federal, state and local officials.