Iranian Cyber Threat Actors Threaten Election Systems

The US Government is warning that Iranian advanced persistent threat (APT) actors are influencing and interfering with the U.S. elections. These groups are trying to sow discord among voters and undermine public confidence in the US election. Groups like this create fictitious media sites and spoofing legitimate media sites. They spread misinformation about voter suppression, voter fraud, and ballot fraud.

This actor group has historically performed the following cyber attacks:

  • Distributed denial-of-service (DDoS) attacks
  • Structured query language (SQL) injections attacks
  • Spear-phishing campaigns
  • Website defacements
  • Disinformation campaigns

The history behind the Iranian threat actor group

According to the alert, these actors have conducted a significant number of intrusions against U.S.-based networks. These actors have conducted DDoS attacks, SQL injections attacks, spear-phishing campaigns, website defacements, and disinformation campaigns. These activities could temporarily render these systems inaccessible to the public or elected officials, which could slow, but would not prevent, vote, or report results.

The cyber threats against election systems from this group

DDOS Attacks

A DDoS attack is designed to  slow or render election-related public-facing websites inaccessible by flooding the internet-accessible server with requests. This type of attack would prevents users from accessing online resources, such as voting information or non-official voting results.

SQL Injection

A SQL injection attack involves a threat actor inserting malicious code into the entry field of an application. SQL injection causes code to execute if entries have not been sanitized. SQL injections are among the most dangerous and common exploits affecting websites. A successful SQL injection into a CMS could enable a cyber actor access to network systems to manipulate content or falsify news reports prior to publication.

Spear-phishing messages

Spear-phishing emails often ask victims to fill out forms or verify information through links embedded in the email. Threat actors use spear phishing to gain access to information by stealing credentials. A malicious cyber actor could use compromised email access to spread disinformation to the victims’ contacts or collect information sent to or from the compromised account.

Public-facing website defacement

Public-facing website defacement is a attack that enables the attacker to upload images to the site’s landing page. In a government hosted elections site, a defacement will cast doubt on the security and legitimacy of the websites’ information. If cyber actors were able to successfully deface a website, this makes the public believe other election systems are compromised.

Disinformation campaigns

Disinformation campaigns are designed to sow discord, manipulate public discourse, or discredit the electoral system. Malicious actors use social media as well as fictitious and spoofed websites for these information campaigns. These actors will continue their attempts to create fictitious social media accounts that promote divisive story lines to sow discord, even after the election.