Security News > 2020 > October > FBI: How Iranian hackers stole voter info from state election sites
DHS CISA and the FBI today shared more info on how an Iranian state-sponsored hacking group was able to harvest voter registration info from U.S. state websites, including election sites.
The attempts to download voter info from election websites took place between September 29 and October 17, 2020, according to the advisory.
The advisory provides technical details regarding DNI John Ratcliffe's confirmation during a press conference that nation state-backed Iranian hackers collected voter registration info that was used in the fake Proud Boys threatening emails.
Their attacks allowed them to successfully downloaded voter registration data for at least one U.S. state by exploiting election site misconfiguration and vulnerabilities.
Iranian hackers used NordVPN. As the FBI said in a flash alert issued yesterday, many of the IP addresses used by the Iranian hackers in the fake Proud Boys email campaign are from the NordVPN service and may also correspond to other VPN providers including CDN77, HQSERV, and M247. "While this creates the potential for false positives, any activity on the below would likely warrant further investigation," the FBI said.
News URL
Related news
- Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (source)
- NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (source)
- Iranian hackers pose as journalists to push backdoor malware (source)
- Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel (source)