Sizing Up Nation-State Cyberthreats to the US Election
Digital Shadows: Disinformation, Ransomware, Phishing Attacks Prevail
Online disinformation campaigns by nation-state actors are the biggest cyberthreat to the U.S. election, as hackers attempt to influence final vote tallies in order to undermine confidence in the voting process, the security firm Digital Shadows notes in a new report.
Russian hackers are the leading source of these disinformation campaigns, followed by Iranian and Chinese threat actors, the report states. Most of the campaigns originate with state-owned media outlets, troll farms and bots used to push false content through social media feeds as a means of sowing discord and undermining the election process.
Ransomware, Spear Phishing
Nation-state hackers are also leveraging ransomware and spear phishing to target voters and political campaigns, the Digital Shadows report notes. One county in Georgia reported that a voter registration database was targeted in a ransomware attack (see: Ransomware Knocks Out Voter Database in Georgia).
"As nation-state threat actors have already conducted surveillance operations on infrastructure that could impact Election Day, there is a severe concern regarding ransomware campaigns that may seek to target networks and machines critical in running the U.S. election," Kacey Clark, a threat researcher at Digital Shadows, tells Information Security Media Group. "Intelligence officials have warned that foreign adversaries' attacks tend to favor the presidential candidate that may better serve their national interests or foreign policy" (see: Google: Phishing Attacks Targeted Trump, Biden Campaigns).
In the days leading up to the final day of voting on Nov. 3, nation-state hackers will launch disinformation campaigns spreading false information on voter suppression and voter or ballot fraud as well as launch attacks targeting the election infrastructure, Digital Shadows says.
Other reports have singled out Russia, China and Iran for their efforts to influence the U.S. election.
In August, William Evanina, director of the National Counterintelligence and Security Center, highlighted these threats.
Russian Agencies Involved
The Digital Shadows report notes that Russia's attempts at broader political influence overseas are mainly facilitated by two government agencies: the Foreign Intelligence Service and the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, or GRU.
These two agencies use state-owned media, automated bots and a nexus with organized crime groups to push false narratives that will appear in users' social media feeds, Digital Shadows notes.
Russian disinformation campaigns have used QAnon, a far-right conspiracy group, to propagate misleading or false narratives related to child trafficking and COVID-19, the report says.
Russia has also used troll farms, such as the Internet Research Agency, which utilized Peace Data, an online media portal, to push false far-left stories on social media platforms. In September, the FBI announced that it had worked with Facebook and Twitter to take down malicious accounts and pages associated with the IRA.
Recently, the U.S. Justice Department indicted six members of Russia's GRU for carrying out a series of cyberattacks and hacking attempts, while the Treasury Department imposed economic sanctions against a Russian research organization.
Digital Shadows' Clark says these sanctions likely will not have a long-term effect on Russia's cyber activities.
"The government's continuous intent to impose sanctions on cyberthreat actors, and those that assist them, brings cyber criminality under the magnifying glass; however, we did not observe an overt impact of this within the report's findings," Clark notes.
Digital Shadows notes Iran remains the second-most prolific nation-state actor engaged in online disinformation campaigns, mainly focusing on publishing anti-American content.
The Justice Department took action earlier this month against dozens of domains that had ties to Iran's Islamic Revolutionary Guard Corps and were used to support this global disinformation campaign (see: DOJ Seizes Domains Used for Iranian Disinformation Campaigns).
"One of the domains - newsstand7[dot]com - used the slogan 'Awareness Made America Great' and published articles relating to U.S. President Donald Trump, the Black Lives Matter movement, U.S. unemployment, COVID-19 and police brutality," the Digital Shadows report notes.
China Uses Social Media
Hacking groups linked to China focus their campaigns on spreading geopolitical narratives favoring the ruling Communist Party, mainly through Twitter or YouTube, Digital Shadows says. Hackers hijack accounts to post controversial content in the U.S. on civil unrest, the West Coast wildfires and COVID-19.
Because social media platforms removed many of these posts, their impact has been minimal, the report adds.
A Surge of Activity?
Brandon Hoffman, CISO of security firm Netenrich, predicts disinformation campaigns tied to nation-state actors will surge in the coming days, with threat actors using automation tools to amplify their activities.
"We should expect to see more advanced campaigns aimed at next week's election and techniques that leverage automation to build more accounts and pages automatically," he says. "These pages will be used for propaganda or ideology dissemination. We also will almost certainly see an attack on any voting equipment used and any mobile apps or websites that have anything to do with campaigns or hosting voter or voting information databases."