In recent weeks, nation-state hackers from Russia, China, and Iran have targeted people and organizations involved in the upcoming elections, including unsuccessful attacks on individuals associated with both the Trump and Biden campaigns. This announcement, made by the Head of Google’s Threat Analysis Group, Shane Huntley, is the latest indication of the digital espionage efforts aimed at political campaigns.
Huntley elaborated on how foreign adversaries have weaponized their cyber capabilities with malicious intentions. Forms of their digital spying include the malware campaigns that involve emailing malicious links that will either download malware directly, or prompt individuals to install the company’s antivirus software, ultimately downloading both the software and the hidden malware.
Or in other cases, hackers create a fake email account and use it to send spear-phishing emails to staffers associated with the on-going campaigns. The phishing emails either contain tracking links, or efforts to steal credentials from the individual. Though Russian hackers relied on this simplistic technique in 2016, in recent months they have stepped up their efforts by flooding accounts with password guesses until one of them works.
In addition, Huntley stated that this uptick in cyberattacks was "consistent" with what other groups, such as Microsoft, have seen from foreign adversaries targeting elections and even Covid-19 research.
"This summer, we and others observed threat actors from China, Russia and Iran targeting pharmaceutical companies and researchers involved in vaccine development efforts," Huntley said, describing the sinister attacks on Covid-19 research efforts.
Consequently, hospitals and healthcare systems have been hit by these threats. Earlier this month, for instance, systems at hundreds of hospitals in the Universal Health Services network temporarily crashed. In some cases, the attackers posed as recruiting professionals to trick individuals into downloading malware, while in other cases the attackers impersonated webmail portals to steal email credentials.
More than a strong warning, Huntley's detailed account of Google's response gives a glimpse into these attempts to disrupt the political process and jeopardize national safety. And although there is no evidence that the targeting of campaign staffers has been successful, looking ahead, hackers are continually increasing their efforts to gain access to government networks. In light of these concerns, it is safe to say that never before in this country's history has cybersecurity played such a major role in politics.