Election Infrastructure Faces Persistent Intrusions Beyond Voting Periods
Investigators reported that election-related networks are being targeted as a continuous operational environment, not just during active voting periods. Analysis of cyber activity tied to the 2024 election cycle across the United States, United Kingdom, India, Indonesia, Mexico, South Africa, and the European Parliament found adversaries maintaining long dwell times and sustained footholds in electoral environments before and after peak election periods. The activity indicates attackers are increasingly focused on pre-positioning for future election cycles rather than only seeking immediate disruption.
The reported attack surface extends well beyond election commissions to include political parties, campaign infrastructure, voter registration systems, third-party technology providers, and media organizations. Initial access commonly came through phishing, credential compromise, and exploitation of internet-facing services, followed by reconnaissance across the broader electoral ecosystem. The findings argue that election systems should be treated as critical infrastructure requiring year-round monitoring, coordination, resilience planning, and information sharing across public and private organizations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Investigators observe persistent targeting during the 2024 election cycle
Analysis of cyber activity around the 2024 election cycle found adversaries maintaining long dwell times and sustained footholds in election-related environments across multiple countries and the European Parliament. The reporting says attackers used phishing, credential compromise, and exploitation of internet-facing services to pre-position for future election cycles rather than only disrupt active voting periods.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Researchers Warn of Midterm Threats Targeting Campaigns, Fundraising Platforms, and Local Governments
Check Point warned that threat actors are already preparing to disrupt the 2026 U.S. midterm environment by targeting election-adjacent infrastructure rather than voting machines. The firm reported a surge in newly registered election-themed domains and exposed credentials tied to major political and government platforms including `ActBlue`, `WinRed`, `gop.com`, `democrats.org`, and `usa.gov`, creating opportunities for phishing, impersonation, fake donation pages, credential theft, and broader trust-eroding disruptions. Researchers identified Russia, Iran, and China as the principal state actors to watch, alongside risks from misinformation and foreign influence operations. The report said AI is likely to amplify these threats by helping adversaries scale convincing phishing lures, cloned audio, manipulated images, and deepfake videos during politically sensitive periods. It also highlighted local governments as a weak point because of aging technology, limited budgets, and small security teams, pointing to ransomware incidents in Winona County, Minnesota, and Foster City, California. The warning comes as officials debate the future of the federal election security posture, including a budget proposal that would eliminate CISA’s election security program and concerns about reduced preparedness ahead of the midterms.
Jun 2, 2026
Rising Nation-State and APT Targeting of Private Sector and Critical Infrastructure
Nation-state and **advanced persistent threat (APT)** activity is increasingly extending beyond traditional government and military targets to include private companies and **critical national infrastructure**. The reporting highlights a shift toward long-term intrusions aimed at intelligence collection, strategic influence, economic advantage, and disruption, with private-sector networks, infrastructure providers, and technology firms now treated as operationally valuable targets. Critical services such as energy, water, telecommunications, transport, and healthcare are described as especially exposed because attacks on even a small component can create wider societal and political effects. The coverage also emphasizes that these campaigns often avoid noisy malware or immediate disruption, instead relying on **legitimate credentials**, trusted third-party access, and existing business tools to maintain persistent access across identities, cloud platforms, SaaS environments, and supplier ecosystems. One example cited is the attack on Collins Aerospace's **ARINC cMUSE** airline check-in and boarding software, which disrupted passenger boarding at several European airports and illustrated how compromising a supporting technology provider can produce broad downstream impact. Defenders are urged to move beyond incident-driven response and strengthen continuous visibility, exposure management, and threat-informed monitoring across interconnected enterprise and infrastructure environments.
Mar 20, 2026
US Cyber Command Disrupted Russian Election Influence Operations as Federal Defenses Eroded
US Cyber Command secretly targeted at least two Russian companies involved in covert online influence activity ahead of the 2024 US election, according to reporting that said the operation was part of a wider federal effort with the FBI, DHS, and other agencies to expose and disrupt foreign meddling aimed at voters in key swing states. The campaign reportedly pushed anti-Ukraine and anti-politician narratives, and officials said the US action slowed the Russian operation even though propaganda content continued through Election Day. The activity fits a longer pattern of Russian interference in US politics, following earlier US government findings that Moscow targeted election systems in 2016 and subsequent Justice Department charges against Russian individuals and companies tied to interference operations. Officials and former officials warn that many of the structures built after the 2016 election to counter foreign influence have since been dismantled, reduced, or paused, including functions at ODNI, the FBI, the State Department, and CISA. The rollback comes despite continued threats from Russian, Chinese, and Iranian-linked actors using fake websites, AI-enabled propaganda, and cyber activity affecting election infrastructure, raising concerns that the United States has less visibility and fewer coordinated defenses in place for future elections.
May 25, 2026