Hackers working for Iran broke into a U.S. city’s website ahead of the 2020 election with the possible intention of altering the unofficial vote counts shown on Election Day, a senior military cyber official said Monday.
The alleged incident, which has not been previously reported, is distinct from other allegations of Iranian election interference attempts that U.S. officials announced in the days before that election. The U.S. removed the hackers before they could do any harm.
Army Maj. Gen. William J. Hartman, head of U.S. Cyber Command’s Cyber National Mission Force, which specializes in operations like protecting elections, described the incident at the RSA Conference, a cybersecurity industry event.
Hartman declined to share specifics about the incident. “All I’m going to tell you is that we were able to go out and remediate the access that they had in these networks,” he said.
The hackers were members of a hacker group that the cybersecurity company CrowdStrike calls “Pioneer Kitten,” Hartman said. CrowdStrike has reported that those hackers are likely to be contractors working for Iran and that they specialize in gaining access to sensitive systems.
“We detected that that malicious cyber actor had gained access to a city’s local infrastructure that would be used to report the results of voting for the 2020 elections,” Hartman said. Hartman did not say which city’s website was breached.
“To be clear, this isn’t infrastructure involved in casting a vote,” Hartman added.
Iran’s Ministry of Foreign Affairs did not respond to a request for comment
U.S. Cyber Command specializes in addressing foreign cyber threats and rarely speaks openly about their operations. Cyber Command worked to get the news of the attack on the U.S. city’s networks declassified specifically to present that information at the conference, a spokesperson said.
The subject of Hartman’s panel was the work that the Cyber National Mission Force conducts with the Cybersecurity and Infrastructure Security Agency, the federal government’s top cyber defense advisory body. He spoke at the event with CISA’s second in command, Eric Goldstein.
“Given the target and given the actor, we wanted to move quickly,” Goldstein said.
Most equipment directly involved with casting a ballot in U.S. elections is not connected to the internet, making hacking those systems at scale practically impossible. But that means that other aspects of the voting process that are online can be targets for malicious hackers.
Local governments often manage their own election-night reporting websites that report the results of elections as they’re tallied. While those results aren’t official, news reporters and the public can check them as votes come in to estimate election results.
Election security experts have long warned that election-night reporting websites can be targets for attack. Russia allegedly hacked the Ukrainian presidential election reporting site in 2014 to make it falsely appear that a fringe pro-Russia candidate won in an enormous upset.
Hartman’s example is believed to be the first public instance of an allegation detailing a foreign government’s trying to hack an election-night reporting site in the U.S.
The U.S. previously accused Iran of orchestrating a campaign to sow doubts about the integrity of the 2020 presidential election, including obtaining voter records from one state and sending threatening emails to some voters. The Justice Department charged two Iranian nationals over the incident.