Security News > 2020 > October > FBI: How Iranian hackers stole voter info from state election sites
DHS CISA and the FBI today shared more info on how an Iranian state-sponsored hacking group was able to harvest voter registration info from U.S. state websites, including election sites.
The attempts to download voter info from election websites took place between September 29 and October 17, 2020, according to the advisory.
The advisory provides technical details regarding DNI John Ratcliffe's confirmation during a press conference that nation state-backed Iranian hackers collected voter registration info that was used in the fake Proud Boys threatening emails.
Their attacks allowed them to successfully downloaded voter registration data for at least one U.S. state by exploiting election site misconfiguration and vulnerabilities.
Iranian hackers used NordVPN. As the FBI said in a flash alert issued yesterday, many of the IP addresses used by the Iranian hackers in the fake Proud Boys email campaign are from the NordVPN service and may also correspond to other VPN providers including CDN77, HQSERV, and M247. "While this creates the potential for false positives, any activity on the below would likely warrant further investigation," the FBI said.
News URL
Related news
- FBI: Upcoming U.S. general election fuel multiple fraud schemes (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- FBI links North Korean hackers to $308 million crypto heist (source)