The FBI announced Tuesday that three separate "coordinated" phishing operations targeted elected officials in at least nine states in October.

"If successful, this activity may provide cyber actors with sustained, undetected access to a victim's systems," the FBI said in a private industry notification.

"As of October 2021, US election officials in at least nine states received invoice-themed phishing emails containing links to websites intended to steal login credentials."

Cybercriminals sent invoice-like emails carrying an attachment disguised as a PDF or Microsoft Word document that, when opened, directed the reader to a credential-harvesting website. Users who clicked the fake links risked a malware infection or handing the attackers access to personal information.

The first incident occurred on Oct. 5, when unidentified attackers attempted to acquire the login credentials of elected officials using two email addresses, one of which belonged to a compromised account of a government employee. Two similar phishing efforts occurred less than two weeks later, both sent from email addresses associated with U.S. organizations.

The FBI did not specify which states or officials were targeted, nor did it say whether any of the attempts were successful or whether critical information was compromised. Although the attempts occurred more than six months ago, the FBI is reminding state and local government leaders that the threat remains very real as the 2022 election season approaches.

The FBI recommends that network defenders educate email users, such as the election officials targeted in these attacks, on how to spot phishing, social engineering, and spoofing attempts, and that they always confirm requests for sensitive information, including passwords, through a secondary channel.

Defenders are also advised to put in place procedures that let election officials and staff report suspicious emails, and to mandate multi-factor authentication (MFA) on webmail, virtual private networks (VPNs), and other services that could otherwise be abused to reach critical systems.
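The lure described above (an invoice-themed message whose "document" attachment is really a web page that sends the reader to a credential-harvesting site) has traits a mail gateway or SOC triage script can check for, and the compromised-account detail explains why a sender-reputation check alone is not enough. The following is an added example, not code from the FBI notification or any product it mentions: it parses raw RFC 822 messages with Python's standard library and scores the traits named in the article. The trusted-domain list, keyword list, weights, and both sample messages are constructed for illustration.

```python
"""Heuristic triage of invoice-themed credential-phishing emails (added example).

Flags three traits described in the FBI notification: an invoice-themed
subject, links to domains outside the organisation, and an attachment whose
filename claims a PDF/Word document but whose bytes are actually HTML (the
usual way such a "document" redirects the reader to a harvesting page).
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation's own mail/web domains. Everything else is external.
TRUSTED_DOMAINS = {"county-elections.example"}
INVOICE_WORDS = ("invoice", "payment due", "remittance", "overdue")
DOC_EXTENSIONS = (".pdf", ".doc", ".docx")
HTML_MAGIC = (b"<html", b"<!doctype html", b"<script")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Constructed weights: an HTML "document" or an external link matters far more
# than the sender, because the notification says one lure came from a
# compromised government account that would pass any sender check.
WEIGHTS = (("attachment ", 3), ("links to external", 2),
           ("invoice-themed", 1), ("sender outside", 1))
ALERT_THRESHOLD = 3


def domain_of_url(url):
    return (urlparse(url).hostname or "").lower()


def domain_of_address(header_value):
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def triage(raw_message):
    """Return a list of human-readable findings for one message (empty = clean)."""
    msg = message_from_string(raw_message)
    findings = []

    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in INVOICE_WORDS):
        findings.append("invoice-themed subject")

    # Recorded but never used to skip the body checks (compromised accounts).
    if domain_of_address(msg.get("From")) not in TRUSTED_DOMAINS:
        findings.append("sender outside trusted domains")

    external = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        filename = part.get_filename()
        if filename and filename.lower().endswith(DOC_EXTENSIONS):
            head = payload.lstrip()[:256].lower()
            if part.get_content_type() == "text/html" or head.startswith(HTML_MAGIC):
                findings.append(f"attachment {filename} claims a document but contains HTML")
        # Links are collected from every part, attachments included, because the
        # redirect target inside the fake document is the harvesting site.
        for url in URL_RE.findall(payload.decode("utf-8", "replace")):
            dom = domain_of_url(url)
            if dom and dom not in TRUSTED_DOMAINS:
                external.add(dom)
    if external:
        findings.append("links to external domains: " + ", ".join(sorted(external)))
    return findings


def risk_score(findings):
    return sum(w for f in findings for prefix, w in WEIGHTS if f.startswith(prefix))


# Constructed sample: sent from a (simulated) compromised internal account.
SAMPLE_LURE = """\
From: "Accounts Payable" <clerk@county-elections.example>
To: election-director@county-elections.example
Subject: Overdue invoice #4471 - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the attached invoice before end of day.

--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="Invoice_4471.pdf"

<html><body><script>window.location="https://portal-login.example/auth"</script></body></html>
--b1--
"""

# Constructed sample: a legitimate external vendor linking back to our own portal.
SAMPLE_BENIGN = """\
From: "Vendor Billing" <billing@print-vendor.example>
To: election-director@county-elections.example
Subject: Monthly statement
Content-Type: text/plain; charset="utf-8"

Your statement is available in the vendor portal at https://county-elections.example/vendors.
"""

if __name__ == "__main__":
    for name, sample in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        found = triage(sample)
        print(name, risk_score(found), found)
```

The lure scores 6 (subject, HTML-as-PDF attachment, external redirect target) even though its sender is internal, while the vendor mail scores 1 for merely being external; only the first crosses the alert threshold. In practice the findings would feed the reporting procedure the FBI recommends rather than silently dropping mail.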

According to CISA, state-sponsored hackers have previously exploited VPN and Windows vulnerabilities to breach U.S. election support systems.

CISA found no indication, however, that the APT actors were able to use that access to jeopardize the "integrity of elections data."

In response to the threat, the FBI recommends that businesses and government officials implement a number of preventative security measures, such as educating employees on how to identify phishing attempts, developing protocols for employees to report suspicious emails, and requiring strong, unique passwords for all accounts with password logins.

The full list of recommendations may be seen in the FBI's official notification report, and any suspected phishing attempts should be reported to your local FBI Field Office.