Skip to content ↓ | Skip to navigation ↓

The U.S. Department of Justice (DOJ) said Iran was responsible for an attack campaign that targeted American voters with threatening emails.

On October 21, the Justice Department held a press conference in which FBI Director Christopher Wray and Director of National Intelligence John Ratcliffe linked Iran to a spam campaign making the rounds in the United States.

Proofpoint reported that the spam campaign arrived in two waves.

The first wave broke on October 20 when WUFT reported that some voters in Florida had received what appeared to be threatening emails from a white supremacist group.

Those responsible for the emails claimed to have stolen access to the recipient’s personal information after having infiltrated the United States’ voting infrastructure. They then demanded that the recipient vote for a specific candidate in the 2020 U.S. presidential election with the promise that they would “come after [them]” if they didn’t comply.

Email message from October 20. (Source: Proofpoint)

The second wave came a day later. The attack emails sent in this wave were similar to those distributed in the first. However, they were slightly different in that they included a link to a video branded by the same white supremacist group as the one referenced in the first wave. That video appeared to show a Kali Linux user filling out voter registration forms and absentee ballots for voters living in Alaska.

In the DOJ press conference, Ratcliff said that “the information in the video is not true.”

He went on to note that Russia had “taken specific actions to influence public opinion relating to our election” in addition to Iran.

News of this spam campaign highlights the need for organizations and users alike to familiarize themselves with email-based attacks. One of the ways they can do this is by learning more about the techniques that email attackers commonly incorporate into their campaigns. This resource is a good starting point.