Georgia’s Secretary of State Office has disclosed that the state’s election website experienced a cyber attack from a suspected nation-state threat actor.
Georgia voters started casting their ballots on October 15, with over 310,000 ballots cast on the first voting day, more than double the number (136,739) in 2020. The battleground state expects a high turnout, with over 1.5 million having voted early or requested absentee ballots.
Meanwhile, state officials have suggested that the attack was intended to undermine the democratic process by preventing voters from requesting ballots. Although it caused delays, voting and tallying processes were not compromised.
“It slowed our systems down for a little bit, but it never stopped our systems from working,” Gabe Sterling, chief operating officer of Georgia’s Secretary of State Office, told CNN.
The former Sandy Springs council member described the attack as a probing attempt to assess the state’s cybersecurity incident response: “From talking to experts, it felt like a probing attack, saying, ‘Hey, if we do this, what will they do in response?’”
Nonetheless, it was detected and mitigated in time, marking a “big win for our cyber security team and our partners,” Sterling said.
The incident raises concerns about foreign interference in the upcoming presidential elections amid heightened geopolitical tensions.
Nation-state actor linked to Georgia election website cyber attack
The Georgia state official said the election website cyber attack had “the hallmarks of a foreign power or a foreign entity at the behest of a foreign power.”
It involved numerous IP addresses and bogus traffic, typical of a distributed denial of service (DDoS) cyber attack. The attackers made over 420,000 attempts to crash the election website from various parts of the world.
San Francisco, California-based cloud security firm Cloudflare assisted Georgia in responding to the cyber attack to secure the election website. The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) are also aware of the cyber attack.
While disruption appears the likely motive, Steve Simon, Minnesota Secretary of State and President of the National Association of Secretaries of State, believes there was more to the Georgia election website cyber attack.
“These aren’t attempts to get in and mess with elections equipment,” he said. “It really is an attempt to get out data about individuals.”
Meanwhile, the threat actor behind the Georgia election website cyber attack remains unknown or a closely guarded secret.
Nonetheless, Iranian hackers have probed various US election websites to discover vulnerabilities they could exploit to interfere with the elections. Russian and Chinese state-sponsored threat actors also remain a persistent nightmare for US elections and are currently engaged in disinformation campaigns.
Geopolitical rivals disrupting electoral process
According to US Attorney General Merrick Garland, Moscow-based state-controlled media company Russia Today (RT) allegedly paid an American firm $10 million to distribute Russian government propaganda to influence the outcome of the elections.
Besides disinformation, US geopolitical rivals also deploy sophisticated tools to disrupt the electoral process, undermine democracy, and cause social unrest.
However, the US government is not taking the threat to its democratic institutions lightly. So far, it has seized 32 domains used in producing AI-generated disinformation content on social media targeting certain demographics.
US authorities also charged two RT managers and sanctioned ten other individuals, including the RT chief editor, for pumping pro-Russia propaganda and engaging in activities to undermine public trust in government institutions.
Additionally, the government is offering $10 million to identify and arrest the pro-Kremlin hacking group Russian Angry Hackers Did It (RaHDit).