FBI: Russian hacking group stole data after targeting local governments
Energetic Bear, a Russian state-sponsored hacking group, has stolen data from two servers after targeting state and federal government networks in the U.S. since at least September, the FBI and Cybersecurity and Infrastructure Security Agency said on Thursday.
Driving the news: Director of National Intelligence John Ratcliffe announced Wednesday that Iran and Russia had obtained voter registration information that could be used to undermine confidence in the U.S. election system.
- The FBI and CISA said Thursday they do not have evidence that Energetic Bear compromised elections data or government operations.
- In at least one compromise of a state or local government server, Energetic Bear accessed documents related to sensitive passwords, vendors, and printing access badges, the agencies said.
What they're saying: "To date, the FBI and CISA have no information to indicate this [advanced persistent threat] actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize [state, local, territorial, and tribal] government entities."
Between the lines: The New York Times reports that while Ratcliffe focused his Wednesday night press briefing primarily on the Iran findings, many intelligence officials remain "far more concerned about Russia, which in recent days has hacked into state and local computer networks in breaches that could allow Moscow broader access to American voting infrastructure," according to the Times.
- One official compared the Iranian efforts to Single A baseball, while the Russians are more like major leaguers, according to the Times.
- Both countries' interference efforts could result in “perception hacks," which could be used to undermine confidence and lead to inaccurate and overblown allegations of election fraud.
The bottom line: William Evanina, the nation's top counterintelligence official, said this summer that China, Russia and Iran present the most pressing threats for election interference in the 2020 presidential race.