October 31, 2020

Joint CISA-FBI Statement: Iranian APT Actors Obtained Voter Registration Data

Since our announcement last week, CISA and the FBI have worked with our state and local election partners to determine how Iranian actors obtained data on American voters. We have since determined that Iran conducted a broad effort to look for vulnerable state and local systems nationwide. We have also identified one state where Iranian cyber actors were able to make a misconfigured state website reveal non-public voter
data. The state has indicated the website has now been fixed. Based on our analysis, this would not have given them access to alter any voter data in the state system. Election officials were subsequently briefed and an alert with additional technical detail was issued to enable network defenders to better protect their systems from malicious actors. We will continue to scrutinize this issue and stay on alert for any malicious activity.

We encourage all citizens to remain vigilant and verify information using trusted sources. Visit CISA.gov/rumorcontrol to learn more about how your vote is protected.