U.S. officials on Thursday said Russian state-sponsored hackers have targeted the computer networks of dozens of state and local governments in the country, stealing data from at least two servers. The warning has amplified fears about foreign hackers’ latest moves ahead of Election Day.
In an advisory, intelligence experts at the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), said hackers with the group known variously as Berserk Bear, Energetic Bear, and TeamSpy, among other names, have logged in to government administrator accounts and then moved around in sensitive systems.
The stolen data included sensitive network configurations and passwords, IT instructions such as requesting password resets, vendors and purchasing information, and printing access badges.
While the hackers have exfiltrated data from at least two victim servers, the FBI and CISA said they have no information to indicate that the intruders have “intentionally disrupted any aviation, education, elections, or government operations.”
The agencies said while there may be some risk to elections information because the Russian government-backed hackers are targeting state and local networks, they have “no evidence to date that integrity of elections data has been compromised.”
“However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize SLTT government entities,” the advisory read.
U.S. investigators have reported that Russian military intelligence hackers successfully infiltrated various state and local election offices during the 2016 campaign, saying the hack included sensitive information on about 500,000 voters. Federal executives, at the time, reported that they had no indication that the theft had interfered with the election or altered the results.