The latest advice from the Cyber Security and Infrastructure Security Agency (CISA) in cooperation with the FBI indicates that the FBI is aware of Iran’s Advanced Permanent Threat Act (APT), which targets US websites, including those related to elections.
There is a suspicion that a group of hackers have gained access to voter data and sent thousands of threatening letters: You vote for Trump on election day, or we’ll come get you.
There are reports that this may be the work of a right-wing extremist American group known as the Proud Boys, although this group has strongly denied these accusations.
The report confirms that voter registration details have been successfully obtained in at least one State, although the identity of that State remains a mystery.
Access to the data appears to be linked to the misuse of a bad website configuration and a bad scripting process using the cURL tool to search voter records.
An analysis by ICAR and the FBI showed that this station scans government websites using the Acunetix vulnerability scanner, a very popular web scanner.
It is highly desirable that people who do not regularly use Acunetix keep a close eye on their logs for activities derived from the list of IP addresses published by ICAR in the magazine Alert (AA20-304A).
In order to continue its efforts to collect and maintain the websites of the government elections, the FBI considers that this institution has also examined the following information:
- YOUR operation
- Bypassing the ModSecurity Web Application Firewall
- Detection of the web application firewall
- SQLmap tool
It has been established that between the 20th and 28th year of life. September 2020: several websites have been scanned for web vulnerabilities by the Acutenix platform. As can be seen from the following diagram, these activities have been carefully planned and phased over a longer period of time.
The Islamic Republic of Iran rejects the beaten accusations and fabricated, dilettantistic and fraudulent reports by the officials of the American regime and stresses once again that Tehran does not care which of the two candidates will reach the White House.
– Iranian Ministry of Foreign Affairs (@IRIMFA_NL) 22. October 2020
Yesterday, the United States imposed sanctions on eleven companies and five individuals linked to the Iranian oil industry. We will not give in if we pursue an entity or individual that helps the Iranian regime circumvent our sanctions.
– Secretary Pompeo (@SecPompeo) 30. October 2020
In a series of tweets, the Iranian government cuts off all links to these activities, and US minister Mike Pompeo reports in his official Twitter that he is imposing sanctions on various Iranian institutions.
You can follow us on Linkedin, Twitter, Facebook to get daily news about cybersecurity and hackers.
ICAR warns against malicious emotion attacks on government institutions with armed Word documents.
ICAR warns that Chinese hackers are attacking the American authorities with open source tools.