New reports Monday revealed that Iranian hackers accessed a United States municipal website that reported unofficial 2020 election results but were stopped by the US Cyber Command and did not affect voting.
At a recent RSA Cybersecurity conference in San Francisco, Major General William Hartman, head of the US Cyber Command's Cyber National Mission Force (CNMF), said there was never a risk of changed vote counts, given that election night websites reported initial data instead of certified ballot results. U.S. officials were concerned that Iranian hackers could obtain access to the website and purposely mislead the public by posting fake electoral results.
"Our concern is always that some type of web defacement on the night of the election could make it look like the vote had been tampered with when that is absolutely not true," General Hartman said.
He went on to say that the Cyber Command found the Iranian intrusion during a mission in foreign cyberspace, prompting the US military to conduct its own cyber operation to remove the Iranians from the network and make sure that they could not "come back into the network" following the run-up to the 2020 presidential election.
The General did not name the US city network affected by Iranian hackers but did say that the Iranian group, Pioneer Kitten, was the one that engaged in such cyberattacks.
The General went on to note that Pioneer Kitten was one of many foreign groups that tried to interfere in the 2020 elections, noting that other Iranian hackers in that same year created fake emails purporting to be from groups like the Proud Boys and others to threaten voters and sow discord. The CNMF received a notification from the Cybersecurity and Infrastructure Security Agency (CISA) about the discovery of Pioneer Kitten's actions in 2020.
"To be clear, this is not the infrastructure involved in casting a vote, it is not involved in counting a vote, but our concern is always that some type of website defacement or DDoS, something that took the website down or defaced the website, say on the night of the election could make it look like the vote had been tampered with when that is absolutely not true," Hartman said at the conference.
Eric Goldstein, Executive Assistant Director at CISA, spoke to reporters at the conference, stating that the agency was "concerned with systems that could weigh on the perception of a potential compromise, and that is why this work was so important, so critical to get ahead of this activity and ensure that the victim's jurisdiction had all they needed to make sure their systems were safe, secure and resilient well in advance of the election occurring."
Asked to comment about the issue, a US State Department spokesperson referred the question to the US Cyber Command and the Cybersecurity and Infrastructure Security Agency (CISA). The State Department official did tell The Foreign Desk that the US is “regularly tracking malicious cyber activity carried out by state and non-state actors alike.”
“Through sanctions and law enforcement action, and in cooperation with partners and allies, the United States is constantly taking action to deter and counter hacking from Iran and elsewhere. We do not preview these steps,” a State Department spokesperson told The Foreign Desk.
“Our message to the American public and to would-be hackers is a clear one: the Biden Administration will do what is necessary to protect and defend its citizens from Iran and Iran-backed threats, whether in cyberspace or elsewhere,” the spokesperson said.
Officials say that the attempt by Iranian hackers to meddle in 2020 highlights how US cyberspace has become a critical frontier in protecting American elections. Following the efforts by the Russian government to interfere in the 2016 election, US Cyber Command has increased its efforts to prevent rogue regimes like Iran, Russia, China, and North Korea from hacking into American voting machines, healthcare infrastructure, and military systems.
The Islamic Republic has increased its cyberterrorism capabilities by attacking American and Israeli infrastructure to sow discord and chaos. Despite officials from the Islamic Republic denying efforts to hack into American technology, tech companies have found instances where Iranian hackers have tried to tamper with critical infrastructure. Last week, a report from Microsoft Threat Intelligence found Iranian hackers known as "Mint Sandstorm" changing their tactics and targeting capabilities against US transportation infrastructure, including ports, energy companies, and transit systems.
In 2021, following previous revelations that Iran and Russia tried to interfere in the 2020 US Presidential elections, the Biden administration sanctioned several Iranian hackers and the Iranian cyber company Emennet Pasargad for interference.