Report: Hackers Breach Two State Election Databases, FBI Warns
FBI's need-to-know-only advisory doesn't specify, but Yahoo News' sources say it refers to 'suspected foreign hackers' targeting voter registration databases in Arizona and Illinois.
Two US states' election databases have been breached, according to a confidential flash alert issued Aug. 18 by the FBI's Cyber Division, and obtained by Yahoo News.
The alert, labeled as restricted for "DIRECT NEED TO KNOW" recipients, was issued three days after Homeland Security Secretary Jeh Johnson told election officials, during a Aug. 15 conference call, that the Department of Homeland Security was not aware of “specific or credible cybersecurity threats” to the election.
Johnson also recently said the agency is "thinking about" bringing the country’s election system under its purview to guard it against cyberattacks, designating it as critical infrastructure.
Although the FBI advisory does not identify the states in question, Yahoo News reports that sources familiar with the document say it refers to Arizona and Illinois. Arizona's election system experienced an unidentified malware infection, reported Yahoo, and Illinois shut its voter registration system down for 10 days in late July after 200,000 voters' data was exfiltrated.
Presumably, it was the compromise of this Illinois voter database that the FBI described in its alert. According to the document, attackers used Acunetix to discover a SQL injection vulnerability, and then SQLMap to exploit it.
According to Yahoo: "The FBI advisory also listed eight separate IP addresses that were the sources of the two attacks and suggested that the attacks may have been linked, noting that one of the IP addresses was used in both intrusions."
For more information, see Yahoo News.
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024