Secretary of State Adrian Fontes acknowledged in a press release earlier this month that possible foreign actors conducted a cyber attack on the candidate portal of the secretary of state’s (AZSOS) website. Fontes downplayed the hacking, and didn’t indicate whether the hackers were successful or not.
State Senator Jake Hoffman (R-Queen Creek), founder and chair of the Arizona Freedom Caucus, posted his concern about Fontes’ dismissive press release on X. “July 1st press release looks like a MASSIVE cover up. FBI & DHS (at least!) now involved. A private briefing was held TODAY and legislators have confirmed that a ‘foreign cyberattack on AZ’s election system occurred.’ The public is totally in the dark. Adrian Fontes is lying!”
Turning Point COO Tyler Bowyer labeled it a “[m]assive failure” by Fontes.
Fontes said in his July 1 press release, “The Secretary of State’s Office detected and successfully responded to a malicious adversary that targeted the Arizona Secretary of State’s website. These attempts were investigated, our security controls tuned for similar attack patterns, and applicable threat intelligence was shared with our cybersecurity partners. The Arizona statewide voter registration database was not targeted and is unaffected by this event.”
He implied that the attack came from a foreign actor. “Since day one, I’ve warned that foreign adversaries, particularly Iran, are actively targeting our election infrastructure and political systems,” Fontes said. “These aren’t abstract threats; they are real, persistent, and growing.”
He said the attacks caused the office to take the candidate portal offline for a few hours.
This isn’t the first time foreign hackers were apprehended targeting Arizona’s election systems. The FBI notified election officials in 2017 of a Russian hacking attempt in 2016, when a Gila County employee opened an email with an infected attachment. It could have provided access to the county’s voter registration database, so officials took the voter registration system offline for 10 days.
“We indirectly heard that the credential and username posted online was from a known Russian hacker,” Matthew Roberts, director of communications for the AZSOS at the time, told CNN.
In 2016, the FBI said foreign hackers penetrated an Arizona election database. The damage was reportedly minimal, introducing malicious software into the voter registration database, but did not successfully exfiltrate data. Roberts said the FBI characterized the hacking as “credible” and significant, “an eight on a scale of one to 10.”
The same hackers also targeted an election database in Illinois, downloading personal data on up to 200,000 state voters, forcing officials to shut down the state’s voter registration system for 10 days. One of the IP addresses listed in the FBI alert has surfaced before in Russian criminal underground hacker forums.
In 2016, Russian hackers, linked to the GRU (Russian military intelligence), successfully penetrated voter registration systems in two Florida counties. A Senate report found that Russian hackers targeted all 50 states.
German-owned Politico acknowledged that if hackers can access states’ voter registration systems, they can create false voter registrations, which can then be used to cast ballots in elections.
In 2018, the AZSOS revealed that hackers attempt to infiltrate its computer systems more than 50,000 times a month. Arizona is one of roughly one-third of states that allow online voter registration. When Governor Katie Hobbs was secretary of state, she gave numerous progressive groups access to register voters online. No right-leaning groups were granted access.
Hackers have successfully broken into other voting systems around the country. In 2023, the ransomware group RansomedVC claimed responsibility for breaching the D.C. Board of Elections’ voter data. The attack compromised personal information, including partial Social Security numbers, driver’s license numbers, dates of birth, and contact details like phone numbers and email addresses.
In 2020, a ransomware attack targeted election computers in Lincoln County, Washington, encrypting the files so they could not be accessed. The hacker demanded a ransom for a decryption key to unlock the systems. The county stopped using that computer system as a result.
DHS statistics reveal that 3 percent of hacking attempts of election processes are successful.
The Trump administration, as part of a broad executive order issued earlier this year on investigating election integrity, will be investigating Arizona’s election equipment. The DOJ is also asking at least nine states for their voter rolls.
– – –
Rachel Alexander is a reporter at The Arizona Sun Times and The Star News Network. Follow Rachel on Twitter. Email tips to .
Photo “Election Day” by Liz West CC2.0.
The post FBI, DHS Investigating Cyber Attack on Arizona’s Election System first appeared on The Arizona Sun Times.