Coordinated phishing campaign targeted election officials in nine states, according to FBI

Written by
Mar 29, 2022 | CYBERSCOOP

An invoice-themed phishing campaign targeted elections officials in at least nine states in October 2021, according to a warning the FBI issued Tuesday.

The attackers sought to steal login credentials and could have had “sustained, undetected” access to election administrators’ systems, the notice said.

The emails — sent in batches on at least three separate days — “shared similar attachment files, used compromised email addresses, and were sent close in time, suggesting a concerted effort to target US election officials,” the notice reads.

It’s unclear whether any of the phishing attacks were successful. The FBI did not immediately respond to a request for comment. “The FBI judges cyber actors will likely continue or increase their targeting of US election officials with phishing campaigns in the lead-up to the 2022 midterm elections,” the notice reads.

Phishing campaigns targeting election administrators through vendors, businesses, or other means was part of the Russian election interference campaign during the 2016 elections. In that case, emails purporting to be from Florida-based elections equipment vendor VR Systems was sent to 122 email addresses “associated with named local government organizations,” according to a National Security

Read More: