US, UK and India Among the Countries Most At Risk of Election Cyber Interference


Upcoming US, UK, and South Korea elections are the most likely to face cyber interference, according to a new report published by threat-informed defense solution provider Tidal Cyber.

These three countries face adversaries from all four ‘priority’ adversary countries – namely China, Iran, Russia and North Korea.

Other countries holding elections in 2024 that face high levels of election cyber interference threats include India, Belgium, Pakistan, Belarus, Mexico, Georgia and Indonesia.

“These represent top potential hotspots for cyber defenders supporting organizations involved in or related to elections in these areas,” the Tidal Cyber report, published on 12 February, highlighted.

Among those, India, Pakistan, Belarus, and Indonesia face the strongest underlying concerns of cyber threats specifically targeting the electoral infrastructure.

Tidal Cyber assessed that these countries could be targeted not only by general information manipulation campaigns and cyber-attacks during the elections but also by attacks that could disrupt, or even suspend, the electoral process itself.

Venezuela, Uzbekistan and Ethiopia also face threats to their electoral infrastructure, although they were not among the top ten countries likely to face the highest levels of election cyber interference threats.

Two-Thirds of Countries Holding 2024 Elections to Face Cyber Threats

In the report, Tidal Cyber analyzed 64 countries holding elections in 2024 to assess the probability of cyber interference during these events.

“Leaning on the definitions provided in the 2021 US Intelligence Community Assessment, Foreign Threats to the US 2020 Federal Election, we define ‘election cyber interference threat’ as the potential for cyber adversary-driven malicious activity targeting the technical aspects of democratic election processes,” Tidal Cyber researchers explained.

“The study mainly focuses on foreign sources of cyber election interference (emanating from outside the target country) – specifically those associated with the four clear top perpetrator countries (Russia, China, Iran and North Korea), as cited by both US officials and major security vendors.”

Of the 64 countries analyzed, 20 (31%) were found to face high interference threats.

Nearly two-thirds (41 countries, or 64%) face at least one state-backed cyber threat actor attributed to Russia, China or Iran.

Under half (27 countries) face state-backed actors associated with multiple priority adversary countries. 

Source: Tidal Cyber

Based on previous campaigns, the most likely adversaries to conduct cyber interference include Russia-backed APT28 and APT29, China-backed APT3, APT31 and APT41, Iran-backed APT35, and North Korean group Kimsuky.

Primary Targets for Cyber Interference

In the report, Tidal Cyber also provided a deep dive into the tactics, techniques and procedures (TTPs) previously used to target elections, as well as their primary targets and a list of occurrences when they were used.

Those include:

  • Social engineering and identity-based threats (e.g., email-based attacks, identity-based attacks), likely targeting election-related personnel and organizations, including politicians and political staff, campaign teams, election administrators and workers (including volunteers) and media representatives
  • Election-related web application attacks (e.g. data access, exfiltration and tampering attacks, defacement attacks, denial of service (DoS) attacks), likely targeting election-related websites (voter/voting information and poll/turnout results), campaign websites and voting infrastructure
  • Voting infrastructure and insider threats, likely targeting voting machines or online voting platforms/services
  • Ransomware, likely targeting computer networks supporting most of the other targets referenced in other sections, such as voting administration offices, political staff and campaign teams, and infrastructure and hardware/software suppliers

“We assess that cyber actors aligned with multiple adversarial nations are continuing to evolve their TTPs in an effort to successfully attack both historical and new targets for election-related interference,” concluded the report.

The Tidal Cyber analysis focused on 64 countries hosting one or several elections in 2024. Only countries with at least one adversary aligned with one of the firm’s ‘priority’ adversary countries were considered.

Tidal enriched the list with metadata from its Community Edition knowledge base.

The full report can be found here.
