(Bloomberg) -- Russia has been targeting U.S. government agencies since at least September and may be planning more severe attacks in the days leading up to Election Day and even afterward, according to a cybersecurity advisory issued by a pair of U.S. agencies.
Russian state-sponsored operators have been targeting dozens of government and aviation networks, including successful attacks against two unnamed victims whose data was stolen as of Oct. 1, according to one of two guidances issued jointly by the FBI and the Cybersecurity Infrastructure Security Agency, known as CISA. There’s no evidence that the attacks have disrupted victims in aviation, education, elections or government, yet the agencies called for heightened awareness in case attackers return, especially in the days leading up to the Nov. 3 election.
“The actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize” local government entities, according to the advisory issued Thursday. “There may be some risk to elections information. However, the FBI and CISA have no evidence to date that integrity of data has been compromised.”
The Russian state-sponsored group is known by various nicknames, including Berserk Bear and Crouching Yeti.
The agencies issued another alert simultaneously, warning against malicious Iranian actors seeking to interfere and sow discord in the U.S. elections. Also state-sponsored hackers, these groups are creating fake media sites and spoofing legitimate media to spread “U.S. voter registration data, anti-American propaganda and misinformation,” according to the guidance.
The warnings came a day after Director of National Intelligence John Ratcliffe accused Iran of escalating efforts to interfere in the closing days of the presidential election, saying the Islamic Republic faked a series of intimidating messages to Democratic voters. While the email campaign -- which impersonated the right-wing Proud Boys group -- reached fewer than 3,000 users, according to cyber-researchers at Proofpoint (NASDAQ:PFPT) Inc., the attempt to interfere came amid heightened fears of nation-state meddling in the coming days.
These same Iranian actors are known for taking down websites, hacking databases and sending spear-phishing messages, which could render “these systems temporarily inaccessible to the public or election officials, which could slow, but not prevent, voting or the reporting of voting results,” read the joint statement.
In addition, the Treasury Department on Thursday sanctioned five Iranian entities for “having directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in the 2020 U.S. presidential election.” The sanctioned groups include the Islamic Revolutionary Guard Corps, the IRGC-Qods Force and Bayan Rasaneh Gostar Institute.
“The Iranian regime has targeted the United States’ electoral process with brazen attempts to sow discord among the voting populace by spreading disinformation online and executing malign influence operations aimed at misleading U.S. voters,” the department said in a statement.
The Russian hacking group named by CISA has been connected to breaches in the U.S., Europe and elsewhere, according to the cybersecurity firm FireEye (NASDAQ:FEYE) Inc.. They’re accused of hacking energy providers, water infrastructure, airports and an election-related organization in the last several years.
“We have actively tracked targeting of state and local systems by this actor in the lead up to the election,” said John Hultquist, a senior director at FireEye, in a statement. “Access to these systems could enable disruption or could be an end in itself, allowing the actor to seize on perceptions of election insecurity and undermine the democratic process.” He added that the firm has no evidence that the group has the capability to alter votes.
Earlier this month, CISA alerted the public of “malicious activity” targeting government networks at the federal, state and local level. “There may be some risk to elections information housed on government networks,” the agency warned at the time. “CISA is aware of some instances where this activity resulted in unauthorized access to elections support system.”
“The fact that these countries reportedly continue to engage in easily-compromised influence operations aimed at influencing U.S. and other elections tells you that the Western response to their past actions has failed to establish deterrence,” Norman Roule, a former senior U.S. intelligence officer, said of the Ratcliffe’s announcement on Wednesday. “Such operations have profound consequences that go beyond any one election and any single country.”
(Updates with Treasury sanctions in eighth paragraph)
©2020 Bloomberg L.P.