The US elections are tomorrow, and the cybersecurity incidents most likely to arise in connection with them appear to be disinformation efforts intended to exacerbate fissures in civil society. The security of the vote itself seems unlikely to be compromised. It’s also possible, as POLITICO notes, that various accidents, malfunctions, or misunderstandings could be misread as cyberattacks. For example, false rumors about the unreliability of new and less familiar voting machines could gain currency. Election officials in the states are urging patience and skepticism.
There have been follow-ups to earlier reports of hostile activity. The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a description of how Iranian threat actors used the Acunetix vulnerability scanner to search websites for voter registration information. Tehran subsequently used the information it obtained from the scans to mount the bogus and implausible Proud Boys campaign of threatening emails, which was quickly exposed and debunked.
Cybereason researchers have released an account of North Korea’s Kimsuky activity (the work of a group also known as Velvet Cholima, Black Banshee, and Thallium). Their research amplifies information developed and shared by CISA last week. Cybereason offers several new pieces of analysis, including descriptions of the KGH_SPY modular spyware toolset and the CSPY Downloader, both of which lend additional stealth to the group’s operations.
WIRED describes a new scam, evidently the work of Russian criminal gangs, that phishes victims with bogus invitations to collaborate on Google Drive documents (basically another way of delivering malicious links).