Cyber threats and US midterm elections.

Threat actors have been undertaking various efforts to interfere in US midterm elections.

County election workers targets of phishing.

Researchers at Trellix have observed a spike in phishing emails targeting county election workers in Pennsylvania and Arizona ahead of the states’ upcoming midterm elections. The emails are attempting to steal credentials or trick the user into downloading malware. The researchers note that an attacker could use this access to achieve several goals:

“The attacker could access election process documents, voter records, colleague contact lists, administrative tools and a variety of other documents and forms. The attacker could send voters incorrect election process information to mislead them into invalidating their votes or create confusion in the lead up to election day that undermines their confidence in the process.

“The attacker could identify other officials via organizational contact lists and use them to target individuals who might have higher level access to more critical election and voting tabulation processes.

“Finally, the attacker could sell the stolen credentials on an underground forum to nation state actors or other malicious parties, such as ransomware operators capable of locking up key systems just days before the election.”

These efforts can therefore have a conventional criminal dimension as well as a political purpose. The two goals aren't mutually exclusive.

Russian, Chinese, and Iranian influence operations.

Recorded Future released a report on Thursday looking at foreign influence operations targeting the US midterm elections:

“Russian influence capabilities have very likely deteriorated as a result of the nation’s war against Ukraine. However, the Russian government likely views US electoral interference and voter influence as an appropriate response to the US’s defensive military support of Ukraine and the international isolation of Russia’s economy. Russian influence networks are almost certainly attempting to manipulate US public opinion by sowing discord around divisive US political and societal affairs as well as Americans’ overall confidence in US institutions.

“China’s state-sponsored influencers are almost certainly conducting malign influence operations targeting English and Chinese speaking US audiences with divisive political multimedia content on social media. This recent activity signifies a shift in tactics from previous US elections, where China’s influencers were less active in attempts to influence US voters.”

The researchers add, “The magnitude of Iran’s malign influence operations against the US midterm elections will likely be affected by progress on renewing the Joint Comprehensive Plan of Action (JCPOA; Iran nuclear deal) prior to November 8, 2022. At a minimum, we expect Iran to conduct limited malign influence activities focused on increasing US domestic polarization.”

Domestic misinformation.

Recorded Future also expects to see “domestic extremists, fringe sources, and prominent individuals” in the US to spread misinformation during the election cycle. The Wall Street Journal quotes Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), as saying, “We do have some portion of the American public that does not believe in the legitimacy of the 2020 election despite all of the extensive evidence—the recounts, the audits—that showed that no voting system altered, changed, deleted a vote, or was compromised.” It may prove difficult to distinguish domestic disinformation campaigns from the more aggressive forms of politicking.