Mandiant ‘very confident’ cyber spies will target elections
Mandiant is “highly confident” that foreign cyber spies will target US election infrastructure, organizations and individuals in the run-up to November’s midterm elections.
Based on recent activity by various threat groups, as well as previous election targeting, the security firm expects nation-state-backed gangs in Russia, China, and Iran to attempt to conduct cyber espionage against US government and election-related entities.
“We have been tracking the activity of groups associated with Russia, China, Iran, North Korea and other countries targeting organizations and individuals linked to elections in the United States and/or other countries with apparent objectives ranging from intelligence gathering to establishing anchor points or theft of data for further activity to a known instance of a destructive attack on critical election infrastructure,” the Mandiant team said in a study published today.
Mandiant threat hunters also claim with “moderate confidence” that distributed denial of service (DDoS), ransomware or other disruptive and/or destructive attacks will impact the election.
Moreover, as we have seen in previous elections, Russia, Iran and China will likely use information operations to “intimidate or influence” American voters, they noted. This is usually to dissuade citizens from voting or to turn them against each other, which leads to unrest.
Hijacking of voting machines… improbable?
However, amid likely cyber espionage, disinformation campaigns, and possible ransomware infections, there is a silver lining when it comes to the mechanics of voting itself.
“We believe that noticeable compromises to actual voting devices or other activities impacting vote integrity are unlikely,” the researchers report. But that doesn’t mean that some disbelievers don’t try.
While real criminals are unlikely to go public with their illicit actions beforehand, a security researcher recently purchased a Dominion ImageCast X voting machine on eBay before Michigan officials even knew it was missing.
Harri Hursti, an election security expert who works for state officials testing voting machine bugs, paid $1,200 for the machine, then emailed the Michigan secretary of state’s office about the deal.
The machine – and how it ended up illegally for sale on eBay – is now under investigation.
Voting machine hacks aside, Mandiant – which Google is trying to buy for more than $5 billion – suggested who is likely to interfere with or disrupt US elections. As noted above, Russia, Iran, and China top the list.
How to spot fake news
In terms of election disinformation, the Russian Internet Research Agency (IRA) will likely promote right-wing narratives related to the 2022 midterm elections, as it did in the run-up to the 2016 and 2020 presidential elections.
Mandiant’s threat intelligence team observed two fake accounts, posting on Twitter and other sites, claiming to be editors of a pseudo-Kremlin-linked news organization called Newsroom for American and European Based Citizens (NAEBC). Their favorite topics include the midterm elections, the US economy and energy prices, and the Russian invasion of Ukraine.
Additionally, the Beijing-backed Dragonbridge, which operates 72 fake news websites and social media accounts spreading pro-China propaganda and criticizing America and its allies, has already turned to election-related topics.
“Using a tactic first seen in Dragonbridge messaging targeting western rare earth mining companies, some accounts posted comments using first-person pronouns to feign concern, implying they were Americans,” noted the threat researchers.
Mandiant also observed a pro-Iran Distinguished Impersonator influence campaign during the 2018 midterms, and expects to see similar activity in this election cycle. In this case, the operation used fake accounts posing as US political candidates to spread false narratives.
The campaign has also been successful in getting letters, blogs and guest columns published in legitimate US media outlets, and created fake reporter personas to interview real people expressing views aligned with Iranian interests.
Electoral cyber espionage
The four nation-state-sponsored gangs most likely to target the 2022 midterm elections are APT41 and APT31 in China, APT29 in Russia, and the new APT42, which Mandiant earlier this week linked to Iran’s Islamic Revolutionary Guard Corps, a terrorist group that has plotted to assassinate American citizens, including former national security adviser John Bolton.
APT41, also known as Barium, Wicked Panda, and Wicked Spider, has ties to the Chinese Ministry of State Security, while APT31 (aka Judgment Panda and Zirconium) has also been linked to the Chinese government by security researchers.
And APT29, which Microsoft tracks as Nobelium and everyone calls Cozy Bear, has been attributed to Russia’s foreign intelligence service. It is probably best known for compromising the Democratic National Committee before the 2016 election and the infamous SolarWinds supply chain attack.
Additionally, Mandiant called out a handful of other threat groups from those three countries for “possible activity” around the election.
“However, this list should not be considered exhaustive; it is possible that other known actors or previously unobserved groups are also engaging in relevant cyber threat activity,” according to the research. ®