Security Experts:

Connect with us

Hi, what are you looking for?



U.S. Says Iranian Hackers Accessed Voter Information

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert to warn that an Iranian threat actor recently accessed voter registration data.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert to warn that an Iranian threat actor recently accessed voter registration data.

The warning comes roughly one week after the United States revealed that the same adversary targeted Democratic voters in multiple states with emails seeking to intimidate them into voting for President Donald Trump.

In the previous alert, CISA and the FBI noted that the Iranian hackers targeted known vulnerabilities in virtual private network (VPN) products and content management systems (CMSs), including CVE-2020-5902 (code execution in F5 BIG-IP) and CVE-2017-9248 (XSS in Telerik UI).

Now, the two agencies reveal that the legitimate vulnerability scanner Acunetix was employed by the hackers in their endeavor, and that stolen data was used to send intimidation emails in at least four different states.

“CISA and the FBI assess this actor is responsible for the mass dissemination of voter intimidation emails to U.S. citizens and the dissemination of U.S. election-related disinformation in mid-October 2020. Further evaluation by CISA and the FBI has identified the targeting of U.S. state election websites was an intentional effort to influence and interfere with the 2020 U.S. presidential election,” the alert reads.

Between September 29 and October 17, the adversary launched attacks on U.S. state websites, including election websites, to access voter information, CISA and the FBI say.

Observed activity includes exploitation of known vulnerabilities, the use of web shells, and the abuse of web application bugs.

“CISA and the FBI can confirm that the actor successfully obtained voter registration data in at least one state. The access of voter registration data appeared to involve the abuse of website misconfigurations and a scripted process using the cURL tool to iterate through voter records,” CISA and the FBI say.

The two agencies also note that not all of the observed activity could be attributed to the same Iranian threat actor (which posed as the hate group Proud Boys), but did not share details on other threat groups involved in election targeting.

According to the alert, the Iran-based adversary used open-source queries to access PDF documents from state voter sites and also researched specific information to leverage in their exploitation attempts, namely the YOURLS exploit, bypassing the ModSecurity web application firewall, detecting web application firewalls, and an SQLmap tool.

To stay protected, the two agencies say, organizations should make sure their applications and systems are always up to date, that known vulnerabilities are identified and addressed, firewalls and other protections are implemented, and that two-factor authentication is used.

Related: US Officials Link Iran to Emails Meant to Intimidate Voters

Related: U.S. Voter Data Traded on Hacker Forums: Researchers

Related: Misconfigured Database Exposes Details of 191 Million Voters

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.