The cyberattack suggests Arizona is a prime target.
PHOENIX — Just days after the United States bombed Iran’s nuclear sites in June, a cyber attack targeted Arizona.
“After the bombing happened, we essentially went shields up here in Arizona, knowing that something was likely to happen,” Arizona cybersecurity chief Ryan Murray said in an interview.
Something did happen: Hackers targeted the Secretary of State’s website.
Cause and effect?
“It certainly seems that way,” Murray said.
Murray is the deputy director of the Arizona Department of Homeland Security and the state’s chief information security officer.
He says there is “moderate confidence” that the cyberattack is affiliated with Iran. Murray pointed to the attack’s imagery, sophistication and persistence.
The target was the Secretary of State’s web portal for candidates to upload information about themselves, including images.
Hackers replaced candidates’ photos with a red-and-black image of the Ayatollah Khomeini, leader of Iran’s Islamic Revolution, more than 45 years ago.
The text says: “Khomeini’s followers woke up. Our erosive revenge has begun.”
“Our federal partners very explicitly said that even if they knew, they would not provide direct attribution to a specific threat actor one way or the other,” Murray said.
Secretary of State Adrian Fontes restored the website within a couple of hours after the attack was discovered.
The breach was made public on July 1.
The Arizona Republican Party has filed a public records request for records and communications that shed light on how the Secretary of State’s website was hacked, any data that was exposed and what was being done to protect the site.
“With critical election infrastructure potentially compromised, voters deserve answers—not silence,” Republican Party Chair Gina Swoboda said in a statement.
Fontes has said there is no evidence that any data was compromised.
Murray said the Arizona attack was the only one around the country that made an impact. Does that suggest Arizona is a primary target?
“I would say, definitely,” Murray said. “Either this was just a threat actor getting very lucky with a vulnerability that they found and were able to take advantage of, or we’re a target.
“I would say probably the latter, given everything that we’ve seen over the last several years.”
