Report Analyzes Darknet Activity Targeting the 2024 United States Presidential Election

Fortinet recently released its FortiGuard Labs Threat Intelligence Report: Threat Actors Targeting the 2024 U.S. Presidential Election, which reveals and analyzes threats tied to U.S.-based entities, voters, and the electoral process. Key findings from the threat intelligence report include:

  • Phishing Scams Targeting Voters Leading Up to the 2024 U.S. Presidential Election: Threat actors are selling affordable phishing kits on the darknet designed to target voters and donors by impersonating the presidential candidates and their campaigns.
  • Malicious Domain Registrations on the Rise: More than 1,000 new potentially malicious domains have also been registered since the beginning of 2024 that follow particular patterns and incorporate election-related content and candidates, suggesting that threat actors are leveraging the heightened interest surrounding the election to lure unsuspecting targets and potentially conduct malicious activities.
  • Darknet Landscape: Billions of records from the U.S. are for sale on darknet forums, including Social Security numbers (SSNs), personally identifiable information (PII), and credentials that could be used in misinformation campaigns and lead to fraudulent activity, phishing scams, and account takeover; approximately 3% of the posts on darknet forums involve databases related to business and government entities.
  • Ransomware Landscape: FortiGuard Labs researchers noted a 28% increase in ransomware attacks against the U.S. government year-over-year based on observed leak sites.

Scams Targeting the U.S. 2024 Presidential Election Flood the Darknet

Cyber adversaries, including state-sponsored actors and hacktivist groups, are increasingly active in the lead-up to elections.

The FortiGuard Labs research team observed threat actors selling distinct phishing kits for $1,260 each, created to impersonate U.S. presidential candidates. These kits are designed to harvest personal information, including names, addresses, and credit card (donation) details.

Since January 2024, FortiGuard Labs researchers have also identified more than 1,000 newly registered domain names that incorporate election-related terms and references to prominent political figures. Fraudulent fundraising websites, including secure[.]actsblues[.]com, meant to imitate the legitimate site for ActBlue (secure[.]actblue[.]com), a nonprofit American fundraising platform and political action committee.

The top two most-used hosting providers for these election-themed websites are AMAZON-02 and CLOUDFLARENET. The reliance on major hosting platforms such as Amazon Web Services (AWS) and Cloudflare suggests that threat actors are leveraging these reputable services to enhance the legitimacy and resilience of their malicious domains.

A notable concentration of domains is associated with a limited number of IP addresses, indicating a centralized approach by threat actors to efficiently manage multiple malicious domains to execute large-scale cyber campaigns.

No Shortage of Personal Data Being Sold Aimed at the U.S.

FortiGuard Labs analysis continues to show a significant number of diverse databases available on darknet forums targeting the U.S., including SSNs, usernames, email addresses, passwords, credit card data, date of birth, and other PII that could be used to challenge the integrity of the 2024 U.S. election. Specific highlights include:

  • Over 1.3 billion rows of combo lists, which include usernames, email addresses, and passwords, signify a considerable risk for credential-stuffing attacks. In such attacks, cybercriminals use these stolen credentials to gain unauthorized access to accounts, making it a valid and substantial security concern.
  • The discovery of 300,000 rows of credit card data, which include CVV, name, card number, expiration date, and date of birth, highlights potential financial fraud risks targeting voters and election officials.
  • Over 2 billion rows of user databases on the darknet indicate a heightened exposure to identity theft and targeted phishing attacks.
  • 10% of the posts on darknet forums are associated with SSN databases, which poses a significant threat by increasing the risk of personal data breaches.

The U.S. Government Is an Increasingly Attractive Target

Ransomware attacks targeting government agencies before an election can impact the electoral process and public trust in government institutions. Compared to 2023, the FortiGuard Labs research team observed a 28% spike in ransomware attacks against the U.S. government in 2024.

The darknet has become a hub for U.S.-specific threats, where malicious actors trade sensitive information and can potentially develop strategies to exploit vulnerabilities. Approximately 3% of the posts on these forums involve databases related to business and government entities. These databases hold critical organizational data that is vulnerable to cyber exploits and are a prime target for threat actors as the elections come and go.

Recommendations to Prevent and Mitigate Cyberattacks this Election Season

Cybersecurity measures are critical to safeguard the integrity of the U.S. 2024 presidential election. Following fundamental best practices can help prevent and mitigate the effects of cyber incidents. The full list of recommendations and best practices can be found in the report, but some key takeaways for citizens, business leaders, and election officials include:

  • Always remain vigilant for suspicious behavior or activity leading up to major events and prioritize good cyber hygiene.
  • Prioritize employee training and awareness.
  • Enforce multi-factor authentication and a strong-password policy.
  • Install endpoint protection solutions.
  • Patch operating systems and web servers and update software regularly.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.