In the wake of the Treasury Department citing “brazen attempts to sow discord” in the U.S. election process by Iran, other nation-state actors are ratcheting up activity in the final week before the election.
Based on recent activity, the three biggest threats are coming from Iran, Russia, and China, according to a new report by cybersecurity firm Digital Shadows.
Last week, the U.S. Treasury Department warned about “components” of the Iranian Government, disguised as media outlets, attempting to subvert U.S. democratic processes and influence the election.
In early October, the Department of Justice said Iran’s Islamic Revolutionary Guard Corps used fake web domains, masquerading as legitimate news outlets, to influence U.S. domestic and foreign policy.
One of the domains published pseudo articles on President Trump, the Black Lives Matter movement, and police brutality, among other topics, according to Austin Merritt, a Cyber Threat Intelligence Analyst at Digital Shadows.
Four of the domain names, “newsstand7.com,” “usjournal.net,” “usjournal.us,” and “twtoday.net,” were seized pursuant to the Foreign Agents Registration Act (FARA), according to the Justice Department.
RUSSIA’S ‘HACK AND LEAK’
Russia is using a variety of tactics, including state-owned traditional media, bots, “hack and leak” operations and cooperation between organized crime groups and Russian government agencies, according to Digital Shadows.
“It’s an orchestrated operation that seems to operate without boundaries, and its lead-conspirators revel in attempts at subverting American democracy,” Merritt wrote.
Operations can be linked to Russia’s Foreign Intelligence Service (SVR) and the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) but “it’s the well-trained, sophisticated cybercriminals operating on their behalf that push disinformation we might encounter in our social media feeds,” Merritt added.
CHINA’S SOCIAL MEDIA CAMPAIGNS
Earlier this year, cybersecurity teams at Twitter and Google spotted a campaign from Chinese cybercriminals that spanned several social media platforms, including Twitter and YouTube, Digital Shadows pointed out.
On Twitter, the compromised accounts spread geopolitical narratives favorable to the Communist Party of China (CCP) and on YouTube, nation-state cybercriminal organizations acquired or hijacked existing accounts, focusing, for example, on divisive topics such as protests and COVID-19.
In response, Twitter removed more than 170,000 accounts tied to pro-China propaganda.
“The campaign demonstrated how sophisticated foreign actors might take an unconventional approach…by hijacking seemingly legitimate accounts instead of creating their own,” Digital Shadows said.
In another case, Facebook removed over 150 accounts for violating its policy against foreign or government interference.
The Chinese campaign in this case included activity directed toward the U.S. 2020 elections.
There is concern that some of these same cybercriminal organizations may use ransomware to target networks and machines critical in running U.S. elections, according to Merritt.
“Nation-state attackers have already conducted surveillance operations on infrastructure that could impact the day of the U.S. election,” he said, adding that attacks can hold voter information and election results hostage.
“A ransomware attack could deny access to voter registration data, election results, and other sensitive information. It could also inhibit access to essential election systems during critical operational periods, such as the date of the election, November 3rd,” according to Merritt.
Another report from research firm Netenrich said cybercriminals will possibly use the election as an opportunity for monetary gain via ransomware attacks. “These may be used in conjunction with big game hunting (BGH) activities targeting the Presidential candidates.”