Mandiant ‘very confident’ cyberspies will target elections • The Register

Mandiant is “very confident” that foreign cyberspies will target US election infrastructure, organizations and individuals in the run-up to November’s midterm elections.

Based on the recent activities of various threat groups as well as previous attacks on elections, the security firm expects nation-state-backed gangs in Russia, China and Iran to attempt cyber espionage against the US government and election-related organizations.

“We have been following activities by groups associated with Russia, China, Iran, North Korea and other nations targeting organizations and individuals related to US and/or other nations’ elections, with apparent targets ranging from the gathering of information, to the establishment of bases or the theft of data for later activity, to a known case of a destructive attack on critical election infrastructure,” the Mandiant team said in research published today.

Mandiant’s threat hunters also say with “moderate confidence” that distributed denial-of-service (DDoS), ransomware, or other disruptive and/or destructive attacks will affect the elections.

As we’ve seen in previous elections, Russia, Iran and China are likely to use information operations to “intimidate or influence” US voters, they noted. This is usually done to discourage citizens from voting or to antagonize them, causing riots.

Hijacking Voting Machines… Unlikely?

However, amid the likely cyberespionage, misinformation campaigns, and possible ransomware infections, there is a silver lining when it comes to the mechanics of the voting itself.

“We believe that significant compromises of actual voting machines or other activities affecting the integrity of voting are unlikely,” the researchers report. But that doesn’t mean some villains won’t try.

While real criminals are unlikely to publicize their illegal actions in advance, a security researcher recently bought a Dominion ImageCast X voting device on eBay before Michigan officials even knew it was missing.

Harri Hursti, an election security expert who works for state officials who test voting machines for errors, paid $1,200 for the machine and then emailed the Michigan Secretary of State’s office about the deal.

The machine – and how it ended up being sold illegally on eBay – is now the subject of an investigation.

Aside from voting machine hacks, Mandiant, which Google is trying to buy for more than $5 billion, has suggested who is likely to disrupt the US election. As indicated above, Russia, Iran and China top the list.

How to recognize fake news

With reference to election misinformation, Russia’s Internet Research Agency (IRA) is likely to promote right-wing narratives related to the 2022 midterms, as it did in the run-up to the 2016 and 2020 presidential elections.

Mandiant’s threat intelligence team observed two fake accounts posting on Twitter and other websites, pretending to be editors at a Kremlin-affiliated pseudo-news organization called Newsroom for American and European Based Citizens (NAEBC). Their favorite topics include the midterm elections, the US economy and energy prices, and the Russian invasion of Ukraine.

Additionally, Beijing-backed Dragonbridge, which runs 72 fake news websites and social media accounts promoting pro-Chinese propaganda and criticizing America and its allies, has already focused on election-related issues.

“Using a tactic first observed during Dragonbridge communications targeting Western rare earth miners, some accounts have posted comments using first-person pronouns to feign concern, implying they are American,” the threat researchers noted.

Mandiant also observed a pro-Iran Distinguished Impersonator influence campaign during the 2018 midterm elections and expects similar activity in this election cycle. In this case, the operation used fake accounts posing as US political candidates to spread false narratives.

The campaign also managed to get letters, blogs and guest columns published on legitimate US news outlets, and created fake journalist personalities to interview real people who expressed views aligned with Iranian interests.

Election cyber espionage

The four nation-state-sponsored gangs most likely to target the 2022 midterm elections include China’s APT41 and APT31, Russia’s APT29 and the newly named APT42, which Mandiant earlier this week connected to Iran’s Islamic Revolutionary Guard Corps, a terrorist group that had plotted to assassinate US citizens, including former national security adviser John Bolton.

APT41, also known as Barium, Wicked Panda and Wicked Spider, has ties to the Chinese Ministry of State Security, while APT31 (aka Judgment Panda and Zirconium) has also been linked to the Chinese government by security researchers.

And APT29, which Microsoft tracks as Nobelium and everyone else calls Cozy Bear, has been attributed to Russian foreign intelligence. It is probably best known for compromising the Democratic National Committee before the 2016 election and for the infamous SolarWinds supply chain attack.

Additionally, Mandiant identified a handful of other threat groups from those three nations as “possible activity” around the election.

“However, this list should not be taken as exhaustive; it is possible that other known actors or previously unobserved groups are also involved in relevant cyber threat activities,” the study states. ®

Laura Coffey
