Mandiant expects with high confidence that numerous state-sponsored threat groups will launch cyberespionage efforts against U.S. election infrastructure as the midterm polls near, according to The Register.
"We have tracked activity from groups associated with Russia, China, Iran, North Korea, and other nations targeting organizations and individuals related to elections in the U.S. and/or other nations with apparent goals ranging from information collection and establishing footholds or stealing data for later activity to one known case of a destructive attack against critical election infrastructure," said Mandiant.
Meanwhile, Mandiant has expressed "moderate confidence" that ransomware, distributed denial-of-service, and other cyberattacks will disrupt the elections. While Russia, China, and Iran are likely to leverage information operations, they are unlikely to hijack voting machines, according to Mandiant.
"We believe notable compromises of actual voting devices or other activity impacting the integrity of votes is unlikely," said researchers.