U.S. officials said that Russian hackers have targeted the networks of dozens of state and local governments in the United States in recent days, stealing data from at least two servers.
The advisory from the FBI and the Department of Homeland Security’s cybersecurity agency describes an onslaught of recent activity by a Russian state-sponsored hacking group against a broad range of networks, some of which were successfully compromised.
The advisory does not identify by name or location those who were targeted, but officials say they have no information that any election or government operations have been affected or that the integrity of elections data has been compromised.
“However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize [state and local] government entities,” the advisory said.
U.S. officials have repeatedly said it would be extremely difficult for hackers to alter vote tallies in a meaningful way, but they have warned about other methods of interference that could disrupt the election, including cyberattacks meant to impede the voting process.
The interference could continue during or after the tallying of ballots if Russians produce spoofed websites or fake content meant to confuse voters about election results and lead them to doubt the legitimacy of the outcome.
A broad concern, particularly at the local government level, has been that hackers could infiltrate a county network and then work their way over to election-related systems unless certain defenses are in place.
This is especially true for smaller counties that don’t have as much money and IT support as their bigger counterparts to fund security upgrades.
Officials have nonetheless sought to stress the integrity of the vote, with FBI Director Christopher Wray saying Wednesday, “You should be confident that your vote counts. Early, unverified claims to the contrary should be viewed with a healthy dose of skepticism.”
On Thursday, Chris Krebs, the head of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said officials don’t have reason to believe that hackers were looking for election infrastructure or election-related information, and aren’t aware of any activity “that would allow them to come anywhere near a vote.”
The threat from the Kremlin was mentioned but not especially emphasized during a news conference on Wednesday night, when officials said Russia and Iran had obtained voting registration information — though such data is sometimes easily accessible.
But most of the focus was on Iran, which officials linked to a series of menacing but fake emails that claimed to be from a fringe far-right group and were aimed at intimidating voters in multiple battleground states.
John Ratcliffe, the director of national intelligence, said the operation was aimed at harming President Donald Trump.
On Thursday, the Treasury Department announced sanctions against five Iranian entities, including the Islamic Revolutionary Guard Corps, for attempting to influence U.S. elections.
Despite Iran’s activities, Russia is widely regarded as the bigger threat to the election.
U.S. officials attribute the recent activity to a state-sponsored hacking group variously known as DragonFly and Energetic Bear.
The group appears to have been in operation since at least 2011 and is known to have targeted energy companies and power grid operators in the U.S. and Europe, as well as defense and aviation companies.
Aviation networks are among the entities that officials say were recently targeted, according to Thursday’s advisory.
According to the advisory, the hackers have obtained user and administrator credentials to enter the networks and moved laterally inside to locate what they felt would be “high-value” information to steal.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.