Active Russian cyberattacks are targeting a wide swath of American government networks, including those involved with the ongoing election, federal authorities revealed Thursday.
The focus of the effort include “U.S. state, local, territorial, and tribal government networks, as well as aviation networks,” according to a new bulletin from the FBI and the Cybersecurity and Infrastructure Security Agency.
It continued: “As this recent malicious activity has been directed at … government networks, there may be some risk to elections information … However, the FBI and CISA have no evidence to date that integrity of elections data has been compromised.”
U.S. officials said separately on Thursday afternoon that systems in two local government jurisdictions had been accessed, granting attackers admission to some limited data about voters.
The announcement followed one day after an in-person briefing by Director of National Intelligence John Ratcliffe and FBI Director Christopher Wray in which they warned about Russian interference as well as an Iranian scheme to intimidate voters with spoof emails.
The agencies involved have been warning for months, including with similar bulletins about cyberrisks confronting U.S. elections infrastructure, which they have suggested likely would focus on systems adjacent to core operations — such as a website that shows results — as opposed to the casting and counting of ballots themselves.
Ratcliffe, Wray and others have warned about the prospect that influence-mongers could exploit the headlines about cyberattacks, and some potential real exploits, to make claims about compromised election systems that might not be legitimate.
“We’ve been working for years as a community to build resilience in our election infrastructure — and today that infrastructure remains resilient,” Wray said on Wednesday evening. “You should be confident that your vote counts. Early, unverified claims to the contrary should be viewed with a healthy dose of skepticism.”
The bulletin on Thursday alluded to the prospect that the network activity detected by U.S. authorities could enable attackers to access sensitive systems, including even by printing access badges.
And even though American authorities said they’ve detected no disruptions, “the [attackers] may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize … government entities.”
It wasn’t immediately clear how or whether the U.S. might respond to the Russian cyberattacks discussed on Thursday afternoon, but earlier in the day the Treasury Department announced it has sanctioned a number of Iranian government entities in connection with what U.S. officials called their interference in the election.