FBI: Chinese hackers are scanning state political party headquarters

Source (https://wapo.st/3eDyVmO)

Chinese government hackers are scanning U.S. political party domains
ahead of next month's midterm elections, looking for vulnerable
systems as a potential precursor to hacking operations, and the FBI
is making a big push to alert potential victims to batten down the
hatches.

Over the past week, FBI agents in field offices across the country
have notified some Republican and Democratic state party headquarters
they might be targets of the Chinese hackers, according to party and
U.S. officials, who spoke on the condition of anonymity because
of the matter's sensitivity.

"The FBI is being considerably more proactive," one senior U.S.
official said. "It's part of a larger move that the FBI isn't waiting
for the attack to occur. They're increasingly trying to prevent."

The network scanning is part of a "comprehensive broad campaign"
by the Chinese to seek potential victims, the official said. "This is
what they do."

"The RNC remains secure and we have not been compromised,"
Republican National Committee spokesperson Emma Vaughn said
in an email.

"Cybersecurity remains a top priority for the entire Republican
ecosystem, which is why we place a premium on ensuring our
stakeholders have the necessary tools, resources and training on
best practices so that our Party remains protected and vigilant."

Agents similarly spoke to Democratic parties in several states,
a Democratic National Committee official said. "The DNC and
state parties have been in contact with the FBI," the official said.
"There is no evidence that any systems have been compromised."

A National Security Agency memo this month said the Chinese
hackers scanned more than 100 U.S. state-level political party
domains altogether. The memo said the hackers are suspected to
be the group formerly known as APT 1. In 2013, cybersecurity firm
Mandiant publicly revealed the existence of the espionage outfit,
its connections to the government of the People's Republic of China
(PRC) and the fact that it had stolen hundreds of terabytes worth
of data from at least 141 companies.

The political party domains were scanned "likely so the PRC cyber
actor could build a target network for possible future operations,"
the NSA said in its memo. An FBI notice said the hackers' effort
appeared centered on obtaining additional sub-domains to help build
that network.

Party organizations whose domains the Chinese hackers scanned
should audit their network logs and logins, the FBI recommended.
They also should make sure their systems have been patched.

Chinese government hackers in the past have compromised presidential
campaign systems to conduct political espionage. In 2008, according
to U.S. intelligence officials, they infiltrated the computer networks
of the campaigns of Barack Obama and John McCain, looking for
information that, for instance, might shed light on the campaigns'
positions on China.

In 2015 and 2016, Russian cyberspies hacked the Democratic National
Committee and Hillary Clinton's presidential campaign for espionage
and to interfere in the election. They also hacked into Republican state
political campaign arms, FBI Director James B. Comey said in 2017.

With less than a month until midterm elections, U.S. officials are
not seeing any signs of active threats by foreign governments to
election-related networks.

"We are seeing obviously a number of different actors that continue
to operate in terms of influence," U.S. Cyber Command and NSA chief
Gen. Paul Nakasone said at a Council on Foreign Relations event last
week. "We are seeing no significant indications of attacks that are
being planned right now."

As the 2016 presidential race showed, hackers can release stolen
information from political parties in an attempt to embarrass their
victims.

"Political parties are excellent sources of intelligence on
developing policy and they've been targeted for that purpose
by cyberespionage actors for some time, but as foreign election
interference has become commonplace, the risk is no longer just quiet
spy work," said John Hultquist, vice president of threat intelligence
at Mandiant. When successful, "intrusions like these can be leveraged
in hack-and-leak activity designed to manipulate the democratic
process."

Separately, China has stepped up attempts to sway U.S. voters in the
midterms, cybersecurity company Recorded Future's Insikt Group
concluded in a report last week.

"We've noticed an increase in China's state-sponsored influencers,
such as 'wolf warrior' diplomats, political pundits, and inauthentic
accounts, attempting to influence US voters," Craig Terron, director
of Insikt Group's global issues team, said via email. "This cycle,
China's influencers are actively conducting malign influence
operations campaigns against the 2022 elections, which signifies
a shift in tactics from previous US elections, where China's
influencers were less active in attempts to influence US voters."

More from Terron: "While we've seen China attempt to influence
voters, we have seen only limited attempts for China to directly
interfere with the midterm elections (whereby an agent from the
Ministry of State Security hired a private investigator to interfere
in the congressional election bid of a candidate). We expect
operations to continue at a similar pace as a result, particularly
as China's influence efforts generally seek to change perspectives
over the longer term rather than immediately impact decision-making."

Hackers, physical threats against election workers, insiders gaining
unauthorized access to election equipment and influence operations
are making the election threat environment "more complex than it
has ever been," Cybersecurity and Infrastructure Security Agency
Director Jen Easterly told reporters last week in a briefing about
efforts to protect the midterms.

"The security challenges are intertwined," she said. "They can't be
viewed in isolation when you think about foreign interference. In
many cases, the threat actors who are attempting to breach our
election systems are the same ones who are conducting influence
operations that seek to sow discord in our country."

China has denied past U.S. accusations of malfeasance in cyberspace,
saying the United States has instead victimized its country with
cyberattacks.