Voter Registration System Taken Offline in Coffee County Cyber-Incident

Coffee County in the US State of Georgia has been hit by a cyber-incident, reportedly leading to its connection to the state’s voter registration system being severed.

In a statement, the Office of Coffee County Board of Commissioners said the County was informed of unusual cyber-activity on its IT infrastructure by the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) on April 15, 2024.

The local authority immediately declared a cyber-incident, leading to a wider examination of the County’s IT environment. This involved working with the DHS and CISA to examine artifacts of the unauthorized access in the cyber systems/activity logs, network logs and monitoring systems.

This investigation indicated cyber activity by “an unknown malicious actor(s),” the County’s Board of Commissioners revealed.

There is currently no evidence that any data/files held by the County were exfiltrated.

The Board added: “Steps have been taken to further secure the network and protect Coffee County’s IT infrastructure.”

Coffee County is now working with federal authorities to identify how the incident took place and the identities of the actors responsible.

Connection to Voter Registration System Severed

CNN reported that “sources close to the matter” said that Coffee County severed its network connection to GARViS, a software system used to register Georgian voters, for “multiple days” as a precautionary measure.

However, there is no indication that GARViS was infiltrated by the attackers.

Coffee County was a flashpoint in the 2020 US Presidential Election, when pro-Trump operatives reportedly hacked the County’s election office in January 2021 to try and find evidence of voter fraud.

CNN also reported that the latest incident is likely to be a ransomware attack.

The attack on Coffee comes just a few weeks after Jackson County in Missouri declared a state of emergency due to a ransomware attack on its IT systems.

Impacted services included tax payments and online property, marriage license and inmate searches, but the Kansas City Board of Elections and Jackson County Board of Elections reportedly remained unaffected.

Expected Cyber-Attacks on US Election Infrastructure

In the build-up to the Presidential, State and Congressional elections later this year, election officials have been warned to prepare for a variety of cyber-attacks and influence campaigns from cyber threat actors.

These threats are expected to come from nation-state actors working on behalf of Russia, China, North Korea and Iran, who will aim to undermine confidence in democratic institutions and try to influence outcomes of these key elections.

They are likely to use a number of tactics, ranging from ransomware and other attacks to disrupt and tamper with voting infrastructure, to spreading disinformation and sowing division on social media, assisted by AI and deepfake technologies.
