FBI: Chinese hackers are scanning state political party headquarters

Source: https://wapo.st/3eDyVmO

Chinese government hackers are scanning U.S. political party domains ahead of next month's midterm elections, looking for vulnerable systems as a potential precursor to hacking operations, and the FBI is making a big push to alert potential victims to batten down the hatches.

Over the past week, FBI agents in field offices across the country have notified some Republican and Democratic state party headquarters they might be targets of the Chinese hackers, according to party and U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity.

"The FBI is being considerably more proactive," one senior U.S. official said. "It's part of a larger move that the FBI isn't waiting for the attack to occur. They're increasingly trying to prevent."

The network scanning is part of a "comprehensive broad campaign" by the Chinese to seek potential victims, the official said. "This is what they do."

"The RNC remains secure and we have not been compromised," Republican National Committee spokesperson Emma Vaughn said in an email. "Cybersecurity remains a top priority for the entire Republican ecosystem, which is why we place a premium on ensuring our stakeholders have the necessary tools, resources and training on best practices so that our Party remains protected and vigilant."

Agents similarly spoke to Democratic parties in several states, a Democratic National Committee official said. "The DNC and state parties have been in contact with the FBI," the official said. "There is no evidence that any systems have been compromised."

A National Security Agency memo this month said the Chinese hackers scanned more than 100 U.S. state-level political party domains altogether. The memo said the hackers are suspected to be the group formerly known as APT 1. In 2013, cybersecurity firm Mandiant publicly revealed the existence of the espionage outfit, its connections to the government of the People's Republic of China (PRC) and the fact that it had stolen hundreds of terabytes worth of data from at least 141 companies.

The political party domains were scanned "likely so the PRC cyber actor could build a target network for possible future operations," the NSA said in its memo. An FBI notice said the hackers' effort appeared centered on obtaining additional sub-domains to help build that network.

Party organizations whose domains the Chinese hackers scanned should audit their network logs and logins, the FBI recommended. They also should make sure their systems have been patched.

Chinese government hackers in the past have compromised presidential campaign systems to conduct political espionage. In 2008, according to U.S. intelligence officials, they infiltrated the computer networks of the campaigns of Barack Obama and John McCain, looking for information that, for instance, might shed light on the campaigns' positions on China.

In 2015 and 2016, Russian cyberspies hacked the Democratic National Committee and Hillary Clinton's presidential campaign for espionage and to interfere in the election. They also hacked into Republican state political campaign arms, FBI Director James B. Comey said in 2017.

With less than a month until midterm elections, U.S. officials are not seeing any signs of active threats by foreign governments to election-related networks.

"We are seeing obviously a number of different actors that continue to operate in terms of influence," U.S. Cyber Command and NSA chief Gen. Paul Nakasone said at a Council on Foreign Relations event last week. "We are seeing no significant indications of attacks that are being planned right now."

As the 2016 presidential race showed, hackers can release stolen information from political parties in an attempt to embarrass their victims.

"Political parties are excellent sources of intelligence on developing policy and they've been targeted for that purpose by cyberespionage actors for some time, but as foreign election interference has become commonplace, the risk is no longer just quiet spy work," said John Hultquist, vice president of threat intelligence at Mandiant. When successful, "intrusions like these can be leveraged in hack-and-leak activity designed to manipulate the democratic process."

Separately, China has stepped up attempts to sway U.S. voters in the midterms, cybersecurity company Recorded Future's Insikt Group concluded in a report last week.

"We've noticed an increase in China's state-sponsored influencers, such as 'wolf warrior' diplomats, political pundits, and inauthentic accounts, attempting to influence US voters," Craig Terron, director of Insikt Group's global issues team, said via email. "This cycle, China's influencers are actively conducting malign influence operations campaigns against the 2022 elections, which signifies a shift in tactics from previous US elections, where China's influencers were less active in attempts to influence US voters."

More from Terron: "While we've seen China attempt to influence voters, we have seen only limited attempts for China to directly interfere with the midterm elections (whereby an agent from the Ministry of State Security hired a private investigator to interfere in the congressional election bid of a candidate). We expect operations to continue at a similar pace as a result, particularly as China's influence efforts generally seek to change perspectives over the longer term rather than immediately impact decision-making."

Hackers, physical threats against election workers, insiders gaining unauthorized access to election equipment and influence operations are making the election threat environment "more complex than it has ever been," Cybersecurity and Infrastructure Security Agency Director Jen Easterly told reporters last week in a briefing about efforts to protect the midterms.

"The security challenges are intertwined," she said. "They can't be viewed in isolation when you think about foreign interference. In many cases, the threat actors who are attempting to breach our election systems are the same ones who are conducting influence operations that seek to sow discord in our country."

China has denied past U.S. accusations of malfeasance in cyberspace, saying the United States has instead victimized its country with cyberattacks.