A team of researchers this month uncovered the sale of voter data stolen in an apparent hack against Iraq's Independent High Electoral Commission - yet another incident in a pattern of increased malicious activity targeting elections in the Middle East and beyond.
Election cyber threats - which surged from 10% in 2015 to 26% in 2022 - are jeopardizing the integrity of democratic processes worldwide, the researchers say.
Threats against elections include leaks of voter data, incidents driving influence campaigns, and attacks that render election systems unavailable.
Resecurity also uncovered a similar Dark Web posting from 2022, though this data was found to be corrupt.
The latest illicit tranche, by contrast, is the real deal.
Translation from Arabic of the key fields confirmed that the database contains voting information with details about voters, polling stations, and registration centers to collect votes, among other information.
Supply Chain Compromise
Resecurity believes the breach was most likely the result of an IT supply chain compromise involving technology from third-party suppliers that the threat actors hacked.
The leak may have come from an insider with access to IHEC infrastructure, they say.
Election infrastructure systems are typically isolated from the internet - so a remote hack is less likely.
Iraqis are next due to go to the polls for parliamentary elections scheduled in October 2025.
Miscreants could employ the leaked voter data to craft targeted propaganda and campaigns on specific segments of voters.
Unlike compromised payment card data or passwords - both of which can be changed in response to a hack - leaked voter data remains exploitable years after the initial leak.
Iran and dissident Kurd nationalists are the two most likely suspects, with some evidence pointing at the latter, according to Resecurity.
Leaked voter information and electoral interference have occurred across many countries, including the US, Iraq, Indonesia, Israel, Turkey and African nations, as detailed last week in a Resecurity blog post on its findings.
Cyber threats range from attacks on election infrastructure to influence campaigns aimed at shaping public opinion and policymaker decisions.
A group known as R00Tk1T CYBER TEAM recently targeted Qatar and Malaysia before a January 2024 release of a JSON dump with 90,000 voters from the past Parliamentary Elections in Lebanon.
Analysts from Resecurity's Hunter unit previously identified a data leak of 6.4 million Israeli voter records on the Eleaks cybercriminal forum.
The data leak, which was first flagged around 2021, has been reused multiple times, including at the start of the latest Israel-Gaza conflict, with bad actors weaponizing it to target specific individuals, including the family of Israeli military personnel.
Resecurity traced this leak back to a breach of Elector, an Israeli software application used to manage political campaigns.
Remain Vigilant
Since threat actors are actively trying to acquire and exploit voter data, nations must both bolster their defenses and remain vigilant, Resecurity researchers advise.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 20 Feb 2024 16:45:25 +0000