Hackers working for Iran broke into a US city’s website ahead of the 2020 election with the possible intent of tampering with unofficial vote tallies displayed on Election Day, it said Monday a senior military cyber official.
The previously unreported alleged incident is distinct from other allegations of attempted Iranian election interference that US officials announced in the days leading up to the election. The United States eliminated the pirates before they could do any damage.
US Army Maj. Gen. William J. Hartman, head of the US Cyber Command’s National Cyber Mission Force, which specializes in operations such as election protection, described the incident at the RSA Conference. , a cybersecurity industry event.
Hartman declined to share details about the incident. “All I’m going to tell you is that we were able to go out and remedy the access they had on these networks,” he said.
The hackers were members of a group of hackers that cybersecurity company Crowdstrike calls «Pioneer Kitten,» Hartman said. crowd hit has reported that those hackers are likely contractors working for Iran who specialize in gaining access to sensitive systems.
“We detected that this malicious cyber actor had gained access to a city’s local infrastructure that would be used to report voting results for the 2020 election,” Hartman said. Hartman did not say which city website was breached.
“To be clear, this is not infrastructure involved in casting a vote,” Hartman added.
Iran’s foreign ministry did not respond to a request for comment.
US Cyber Command specializes in addressing foreign cyber threats and rarely speaks openly about its operations. Cyber Command worked to declassify news of the attack on the US city’s networks specifically to present that information at the conference, a spokesman said.
The subject of Hartman’s panel was the work the Cyber National Mission Force is doing with the Cybersecurity and Infrastructure Security Agency, the federal government’s primary cyber defense advisory body. She spoke at the event with CISA’s second-in-command, Eric Goldstein.
“Given the goal and given the actor, we wanted to move quickly,” Goldstein said.
Most of the computers directly involved in casting votes in US elections are not connected to the Internet, making hacking into those systems on a large scale virtually impossible. But that means that other aspects of the voting process that are online can be targets for malicious hackers.
Local governments often run their own election night reporting websites that report election results as they are tallied. While those results are not official, they can be checked by news reporters and the public as the votes come in to estimate the election results.
Election security experts have long warned that election night information websites could be targeted. Russia allegedly hacked the 2014 Ukrainian presidential election information site to falsely appear as if a pro-Russian fringe candidate won in a huge upset.
The Hartman example is believed to be the first public instance of an indictment detailing a foreign government attempting to hack into a US election night information site.
The United States previously accused Iran of orchestrating a campaign to cast doubt on the integrity of the 2020 presidential election, including obtaining voter records from a state and sending threatening emails to some voters. The Justice Department charged two Iranian citizens with the incident.