Breaking news regarding the presidential election of 2020 indicates that hackers, possibly nation-state actors, have gained access to election systems. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have alerted the relevant authorities regarding the hack. CISA stated that, in some instances, unauthorized access to election support systems was spotted.
Hackers access US election systems
Officials at CISA speculate that hackers were able to access the election systems via a combination of vulnerabilities. This tactic, known as “vulnerability chaining,” is often used by hackers to access massive data records. It has also been used at federal, state, and local levels before. Experts state that chaining of vulnerabilities is employed against state, local, tribal, and territorial (SLTT) government networks, critical infrastructure, and elections organizations as well.
Amidst raised concerns regarding the data breach, the agency, which is part of the Department of Homeland Security, assured citizens there is no evidence suggesting that the integrity of data pertaining to elections was compromised. The agency gave the following statement: “it does not appear these targets are being selected because of their proximity to elections information.”
The FBI and CISA have uncovered that the hackers used a Virtual Private Network (VPN) vulnerability together with a flaw in Netlogon, a Windows protocol used to authenticate users, to access the election systems. “Patches are available for all of the vulnerabilities referenced in the joint cybersecurity advisory from CISA and the FBI,” stated a cybersecurity company, in a statement issued to Fox News. “Most of the vulnerabilities had patches available for them following their disclosure.”
FBI and CISA assure that no data was compromised
“The alert did not state explicitly who the bad actors were, only referring to them as ‘advanced persistent threat (APT) actors,’” added the cybersecurity company.
CISA had previously expected that election system data could be compromised; it stated, “there are steps that election officials, their supporting … IT staff, and vendors can take to help defend against this malicious cyber activity.” The 2020 presidential election is going to be a monumental event in the history of United States governance. It is only natural that such events would occur.
On October 7th, Microsoft Security Intelligence tweeted, “We’re seeing more activity leveraging the CVE-2020-1472 exploit (ZeroLogon). A new campaign shrewdly poses as software updates that connect to known CHIMBORAZO (TA505) C2 infrastructure. The fake updates lead to UAC bypass and use of wscript.exe to run malicious scripts.”
Microsoft Security Intelligence had also uncovered in September that Russian, Chinese and Iranian actors were targeting the 2020 U.S. presidential elections. “The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported,” Microsoft said in a statement.