Posted on October 24, 2020 at 4:55 PM
The Russian government reportedly deployed its most professional and stealthiest hacking team to break into the US’ state and local government networks, although its motivations remain unknown.
After it was discovered that Russian state-backed hackers impacted the US presidential elections in 2016, the country spent a lot of time and effort in attempts to prevent something like that from happening a second time. However, the hackers still managed to hit dozens of US local and state government systems, only two months before the election date.
As time went by, these attacks continued, and now, there is only about a week and a half until November 3rd, when the elections are scheduled to take place.
However, cybersecurity officials are not worried about the act of targeting state and local government networks. No, their concern lies with who is conducting these attacks.
A dangerous attacker
Several months ago, US officials were quite concerned about the hackers who hit the US election systems in 2016, expecting them to come back this time, as well. However, in researching these smaller attacks, they discovered that a different group is causing trouble this time around.
The group in question is a Russian hacking gang known as Energetic Bear, or Dragonfly. This is a well-known name in the hacking world, and it is used by a group that commonly targets the energy sector.
These hackers had nothing to do with the 2016 elections, but they have been known for breaching the systems of various power grids, nuclear power plants, water treatment facilities, and the like. This is also the same group that hit the San Francisco International Airport’s Wi-Fi systems, as well as two other airports on the West Coast, only to find one unidentified traveler.
The hackers have demonstrated great power, strong resolve, and extreme resourcefulness.
However, before September, they were never caught targeting counties and states. Furthermore, the timing when the security researchers noticed these intrusions is suspicious, since it is so close to the actual elections. The possibility that they will somehow disrupt the process led to many concerns in law enforcement, security companies, and especially in intelligence agencies.
The hackers have quite a reputation
A Department of Homeland Security official noted that it is possible that Russians are sending the best they have this year. During the last election, the hacking group that attempted to manipulate the voting process was rather noisy, and it made a noticeable mess.
This group, however, is extremely well-known for its stealthy approach. The US officials recently described the hacking in an advisory, calling it ‘opportunistic,’ meaning that the hackers were allegedly scanning for any kind of flaw, and did not particularly focus on election infrastructure.
However, researchers were not reassured by such claims. Some of them have been trying to track Energetic Bear and stand in its way for years now. Adam Meyers, for example, who acts as the head of threat intelligence at CrowdStrike, believes that this was a preparatory series of attacks. In other words, hackers simply tested the defenses of the system in an attempt to find weak spots and know where they can get in, should the need arise.
This is the group’s typical approach, as they tend to cast a wide net, and then identify a few targets of high value. They would also target low-security networks, which are usually quite small but could provide access to major networks. So far, their success has been nothing short of remarkable, as they conducted successful attacks in the US and Europe alike.
What do the Russians want?
The biggest concern right now is that these attacks clearly indicate that Russia has the intent and ability to target the important US systems. The question is what it is planning to do with it. Some believe that it might wait to see who will be elected, and then proceed to announce its hacking team’s presence.
If the country wants Trump to be re-elected and aims to improve its relationship with the US, then sending a stealthy team that can quietly withdraw makes sense. If Biden ends up the victor, and Russia doesn’t like that, it may use its hackers to delegitimize him. Entering the systems without much noise gives it different options, so the real question is: what is Russia after, and how will the election results fit into its plans?