The Louisiana National Guard was called in to stop a series of cyberattacks aimed at small government offices across the state in recent weeks, according to two people with knowledge of the events, highlighting the cyber threat facing local governments in the run-up to the 2020 U.S. presidential election.
The situation in Louisiana follows a similar case in Washington state, according to a cybersecurity consultant familiar with the matter, where hackers infected some government offices with a type of malware known for deploying ransomware, which locks up systems and demands payment to regain access.
Senior U.S. security officials have warned since at least 2019 that ransomware poses a risk to the U.S. election, namely that an attack against certain state government offices around the election could disrupt systems needed to administer aspects of the vote.
It is unclear if the hackers sought to target systems tied to the election in Louisiana or were simply hoping for a payday. Yet the attacks raised alarms because of the potential harm they could have led to and due to evidence suggesting a sophisticated hacking group was involved.
Experts investigating the Louisiana incidents found a tool used by the hackers that was previously linked to a group associated with the North Korean government, according to a person familiar with the investigation.
That tool was described to Reuters as a remote access trojan, or RAT, used to infiltrate computer networks. But cybersecurity analysts who have examined this RAT – known as “KimJongRat” – say some of its code had been publicized in a computer virus repository, where hackers could copy it, making attribution to North Korea less certain.
While staff at several government offices in northern Louisiana were successfully compromised as part of the campaign, according to the two people familiar with the incident response, the cyberattack was stopped in its early stages before significant harm was done.
The Louisiana National Guard declined to comment on the incidents. A spokesman for the Louisiana State Police said they were called in to investigate the cyberattacks, but declined further comment. The Governor’s office said they could not comment on an ongoing investigation.
Tyler Brey, a spokesman for the Louisiana Secretary of State’s office, said Louisiana is a “top down state,” where election data is centrally stored at the secretary of state’s office, which can make it easier for election officials to recover from cyberattacks.
One person familiar with the events said they assessed the hacker’s objective was to infect computers with ransomware, but added that it was difficult to determine because the attack was stopped in its early phases.
If so, Louisiana wouldn’t be the first. Over the last year, several U.S. cities have been victimized by ransomware, including Baltimore, Maryland, and Durham, North Carolina.