Energetic Bear, a Russian state-sponsored hacking group, has stolen data from two servers after targeting state and federal government networks in the U.S. since at least September, the FBI and Cybersecurity and Infrastructure Security Agency said on Thursday. Director of National Intelligence John Ratcliffe announced Wednesday that Iran and Russia had obtained voter registration information that could be used to undermine confidence in the U.S. election system.
Right. Ratcliffe held that ridiculous press conference yesterday trying to pretend that Iran was the “real hacker.” Today came the real story:
The FBI and CISA said Thursday they do not have evidence that Energetic Bear compromised elections data or government operations.
In at least one compromise of a state or local government server, Energetic Bear accessed documents related to sensitive passwords, vendors, and printing access badges, the agencies said.
“To date, the FBI and CISA have no information to indicate this [advanced persistent threat] actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize [state, local, territorial, and tribal] government entities.”
The New York Times reports that while Ratcliffe focused his Wednesday night press briefing primarily on the Iran findings, many intelligence officials remain “far more concerned about Russia, which in recent days has hacked into state and local computer networks in breaches that could allow Moscow broader access to American voting infrastructure,” according to the Times.
One official compared the Iranian efforts to Single A baseball, while the Russians are more like major leaguers, according to the Times.