The Washington Post
Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Chinese hackers are scanning state political party headquarters, FBI says

Welcome to The Cybersecurity 202! Check out that triple byline, huh?

Below: A former reporter sued a law firm for allegedly hiring hackers to ruin his reputation, and Secretary of State Antony Blinken is going to Silicon Valley. But first:

U.S. government warns that a Chinese group is probing Democrats, Republicans for vulnerabilities

Chinese government hackers are scanning U.S. political party domains ahead of next month’s midterm elections, looking for vulnerable systems as a potential precursor to hacking operations, and the FBI is making a big push to alert potential victims to batten down the hatches.

Over the past week, FBI agents in field offices across the country have notified some Republican and Democratic state party headquarters they might be targets of the Chinese hackers, according to party and U.S. officials, who spoke on the condition of anonymity because of the matter’s sensitivity.

None of the potential targets were hacked or breached, the officials said.

“The FBI is being considerably more proactive,” one senior U.S. official said. “It’s part of a larger move that the FBI isn’t waiting for the attack to occur. They’re increasingly trying to prevent.”

The network scanning is part of a “comprehensive broad campaign” by the Chinese to seek potential victims, the official said. “This is what they do.”

The FBI visited at least a dozen Republican Party headquarters in recent days.

“The RNC remains secure and we have not been compromised,” Republican National Committee spokesperson Emma Vaughn said in an email. “Cybersecurity remains a top priority for the entire Republican ecosystem, which is why we place a premium on ensuring our stakeholders have the necessary tools, resources and training on best practices so that our Party remains protected and vigilant.” 

Agents similarly spoke to Democratic parties in several states, a Democratic National Committee official said. “The DNC and state parties have been in contact with the FBI,” the official said. “There is no evidence that any systems have been compromised.”

The FBI declined to comment.

What they did

A National Security Agency memo this month said the Chinese hackers scanned more than 100 U.S. state-level political party domains altogether. The memo said the hackers are suspected to be the group formerly known as APT1. In 2013, cybersecurity firm Mandiant publicly revealed the existence of the espionage outfit, its connections to the government of the People’s Republic of China (PRC) and the fact that it had stolen hundreds of terabytes worth of data from at least 141 organizations.

The political party domains were scanned “likely so the PRC cyber actor could build a target network for possible future operations,” the NSA said in its memo. An FBI notice said the hackers’ effort appeared centered on obtaining additional sub-domains to help build that network.

Party organizations whose domains the Chinese hackers scanned should audit their network logs and logins, the FBI recommended. They also should make sure their systems have been patched.
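The scanning the NSA and FBI describe, enumerating sub-domains of a party’s domain to build a target list, leaves a recognizable trace in the party’s own DNS logs: a single client asking for many names under the zone that do not exist. The script below is an added example of the kind of log audit the FBI recommends; it is not code from the article, the FBI notice or any party’s tooling. It assumes a constructed one-line-per-query log format (timestamp, client IP, queried name, record type, response code) and a hypothetical zone, example-party.org, and flags any client that receives a threshold number of distinct NXDOMAIN answers under that zone inside a time window.

```python
"""Flag DNS clients that look like they are brute-forcing sub-domains.

Added example of detection logic; not from the article or the FBI notice.
Assumed (hypothetical) log format, one query per line:
    <ISO-8601 UTC time> <client IP> <qname> <qtype> <rcode>
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log for the hypothetical zone example-party.org.
# 203.0.113.5 guesses common host names in quick succession; the other
# two clients look like ordinary traffic and a single typo.
SAMPLE_LOG = """\
2022-10-12T09:14:01Z 198.51.100.7 www.example-party.org A NOERROR
2022-10-12T09:14:02Z 198.51.100.7 mail.example-party.org MX NOERROR
2022-10-12T09:20:00Z 203.0.113.5 www.example-party.org A NOERROR
2022-10-12T09:20:00Z 203.0.113.5 vpn.example-party.org A NXDOMAIN
2022-10-12T09:20:00Z 203.0.113.5 dev.example-party.org A NXDOMAIN
2022-10-12T09:20:01Z 203.0.113.5 staging.example-party.org A NXDOMAIN
2022-10-12T09:20:01Z 203.0.113.5 git.example-party.org A NXDOMAIN
2022-10-12T09:20:01Z 203.0.113.5 admin.example-party.org A NXDOMAIN
2022-10-12T09:20:02Z 203.0.113.5 old.example-party.org A NXDOMAIN
2022-10-12T09:20:02Z 203.0.113.5 vpn.example-party.org AAAA NXDOMAIN
2022-10-12T09:20:02Z 203.0.113.5 donate.example-party.org A NOERROR
2022-10-12T11:02:10Z 192.0.2.44 wwww.example-party.org A NXDOMAIN
"""


def parse_line(line):
    """Return (time, client, qname, qtype, rcode) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, qname, qtype, rcode = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return when, client, qname.lower().rstrip("."), qtype.upper(), rcode.upper()


def in_zone(qname, zone):
    """True when qname is a proper sub-domain of zone."""
    return qname != zone and qname.endswith("." + zone)


def find_enumerators(log_text, zone, window_seconds=300, threshold=5):
    """Map client IP -> sorted list of guessed names, for clients that hit
    `threshold` distinct NXDOMAIN names under `zone` within `window_seconds`."""
    zone = zone.lower().rstrip(".")
    window = timedelta(seconds=window_seconds)
    misses = defaultdict(list)  # client -> [(time, qname), ...]
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        when, client, qname, _qtype, rcode = rec
        if rcode == "NXDOMAIN" and in_zone(qname, zone):
            misses[client].append((when, qname))

    flagged = {}
    for client, events in misses.items():
        events.sort()
        in_window = Counter()  # distinct names currently inside the window
        left = 0
        for right, (t_right, name) in enumerate(events):
            in_window[name] += 1
            # Slide the left edge forward until the window is <= window_seconds.
            while t_right - events[left][0] > window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= threshold:
                flagged[client] = sorted({n for _, n in events})
                break
    return flagged


if __name__ == "__main__":
    for client, names in find_enumerators(SAMPLE_LOG, "example-party.org").items():
        print(f"{client}: {len(names)} non-existent names guessed: {', '.join(names)}")
```

The threshold and window are tuning knobs: an actor that spreads guesses across many source addresses or throttles to a few per hour will slip under them, so the same distinct-miss count is worth computing per /24 and per day as well. Web server logs deserve the same pass, since a scanner that has a candidate host list will usually follow up with HTTP requests carrying those names in the Host header.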

Not the first time

Government-backed hackers have a history of targeting U.S. political campaigns.

Chinese government hackers in the past have compromised presidential campaign systems to conduct political espionage. In 2008, according to U.S. intelligence officials, they infiltrated the computer networks of the campaigns of Barack Obama and John McCain, looking for information that, for instance, might shed light on the campaigns’ positions on China.

In 2015 and 2016, Russian cyberspies hacked the Democratic National Committee and Hillary Clinton’s presidential campaign for espionage and to interfere in the election. They also hacked into Republican state political campaign arms, FBI Director James B. Comey said in 2017.

With less than a month until midterm elections, U.S. officials are not seeing any signs of active threats by foreign governments to election-related networks.

“We are seeing obviously a number of different actors that continue to operate in terms of influence,” U.S. Cyber Command and NSA chief Gen. Paul Nakasone said at a Council on Foreign Relations event last week. “We are seeing no significant indications of attacks that are being planned right now.”

As the 2016 presidential race showed, hackers can release stolen information from political parties in an attempt to embarrass their victims.

“Political parties are excellent sources of intelligence on developing policy and they’ve been targeted for that purpose by cyberespionage actors for some time, but as foreign election interference has become commonplace, the risk is no longer just quiet spy work,” said John Hultquist, vice president of threat intelligence at Mandiant. When successful, “intrusions like these can be leveraged in hack-and-leak activity designed to manipulate the democratic process.”

Other Chinese efforts

Separately, China has stepped up attempts to sway U.S. voters in the midterms, cybersecurity company Recorded Future’s Insikt Group concluded in a report last week.

  • “We’ve noticed an increase in China’s state-sponsored influencers, such as ‘wolf warrior’ diplomats, political pundits, and inauthentic accounts, attempting to influence US voters,” Craig Terron, director of Insikt Group’s global issues team, said via email. “This cycle, China’s influencers are actively conducting malign influence operations campaigns against the 2022 elections, which signifies a shift in tactics from previous US elections, where China’s influencers were less active in attempts to influence US voters.”
  • More from Terron: “While we’ve seen China attempt to influence voters, we have seen only limited attempts for China to directly interfere with the midterm elections (whereby an agent from the Ministry of State Security hired a private investigator to interfere in the congressional election bid of a candidate). We expect operations to continue at a similar pace as a result, particularly as China’s influence efforts generally seek to change perspectives over the longer term rather than immediately impact decision-making.”

Hackers, physical threats against election workers, insiders gaining unauthorized access to election equipment and influence operations are making the election threat environment “more complex than it has ever been,” Cybersecurity and Infrastructure Security Agency Director Jen Easterly told reporters last week in a briefing about efforts to protect the midterms.

“The security challenges are intertwined,” she said. “They can’t be viewed in isolation when you think about foreign interference. In many cases, the threat actors who are attempting to breach our election systems are the same ones who are conducting influence operations that seek to sow discord in our country.”

China has denied past U.S. accusations of malfeasance in cyberspace, saying the United States has instead victimized its country with cyberattacks.

The keys

Former Wall Street Journal reporter accuses law firm of hiring hackers to ruin his reputation

Former Wall Street Journal chief foreign correspondent Jay Solomon argued in a lawsuit that law firm Dechert worked with Indian hackers to steal emails between him and a source, Reuters’s Raphael Satter reports. The source, Iranian American aviation executive Farhad Azima, filed his own lawsuit against Dechert last week.

“Solomon said the messages, which showed Azima floating the idea of the two of them going into business together, were put into a dossier and circulated in a successful effort to get him fired,” Satter writes. Solomon’s lawsuit says that Dechert “wrongfully disclosed this dossier first to Mr. Solomon’s employer, the Wall Street Journal, at its Washington DC bureau, and then to other media outlets in an attempt to malign and discredit him,” which resulted in Solomon being effectively “blackballed by the journalistic and publishing community.”

Dechert told Reuters that it disputed the allegation and would fight it in court. Azima didn’t have an immediate comment for the outlet.

Top U.S. diplomat goes to Silicon Valley to highlight tech diplomacy, cybersecurity

Secretary of State Antony Blinken’s trip comes as U.S. diplomats push major technology companies to get more involved in national security issues like competition with China and the war in Ukraine, the Wall Street Journal’s Vivian Salama and Dustin Volz report. It also comes just a month after the Senate voted to confirm cybersecurity executive Nathaniel Fick as the leader of the State Department’s new cyberspace and digital policy bureau.

The U.S. government needs to do more, though some companies took action in the wake of Russia’s Ukraine invasion, Fick told the Wall Street Journal. “We can’t just rely on people’s goodwill,” Fick said. “We actually have to work with the private sector to develop market competitive options. I don’t think that’s impossible.”

Fick also said the U.S. government has had “unclear swim lanes” on interagency coordination, hampering the country’s ability to lead in tech competition. “We have redundancies, we have gaps,” he told the outlet. “Clarity of roles and responsibilities — some of that’s inside the department, some of it is with other agencies — is a big piece of it.”

Global cyberspace

Microsoft says Ukraine, Poland targeted with novel ransomware attack (Reuters)

Israeli officer reveals intricate details of IDF's first ever cyberattack (Ynetnews)

Securing the ballot

The voting machine hacking threat you probably haven’t heard about (Politico)

Sidney Powell’s nonprofit raised $16 million as she spread election falsehoods (Jon Swaine and Emma Brown)

Cyber insecurity

How a Microsoft blunder opened millions of PCs to potent malware attacks (Ars Technica)

Hacker gets $50 million in heist of DeFi’s Mango (Bloomberg News)

  • The Atlantic Council hosts an event on a new transatlantic data privacy framework today at 10 a.m.
  • Emily Goldman, a strategist at U.S. Cyber Command, discusses cyberspace strategy at a Heritage Foundation event today at noon.
  • The Carnegie Endowment for International Peace holds an event on Russian information warfare today at 2 p.m.
  • Former CISA director Chris Krebs speaks at an event hosted by the American University Washington College of Law’s Tech, Law and Security Program today at 3 p.m.
  • CISA Director Jen Easterly, National Cyber Director Chris Inglis, NSA Cybersecurity Director Rob Joyce and top Ukrainian cybersecurity official Viktor Zhora speak at Mandiant’s mWISE conference starting Tuesday.
  • Recorded Future holds an intelligence briefing on Russian threats on Tuesday at 2:30 p.m.
  • The Institute for Security and Technology hosts an event on the data transfer agreement on Wednesday at 11 a.m.
  • Rep. Jim Langevin (D-R.I.) and Dmitri Alperovitch, the co-founder and chair of Silverado Policy Accelerator, speak at a Washington Post Live event on Wednesday at 11 a.m.

Secure log off

Thanks for reading. See you tomorrow.