US Cyber Command Warns of Foreign Interference Ahead of Midterms
US Cyber Command warns foreign actors will target the 2026 midterm elections, citing past tactics and recent cyber operations.

Breach Roundup: US Cyber Command Flags Election Threats
*TL;DR: US Cyber Command and the NSA warn that foreign actors are expected to target the 2026 midterm elections with cyber intrusions and disinformation, echoing tactics used in prior cycles.*

Context
The Senate Armed Services Committee heard testimony from Army Gen. Joshua Rudd, head of US Cyber Command, on Tuesday. Rudd said interference attempts are “reasonable to expect based on what we’ve seen in the past.” The warning follows a series of public disclosures about election‑related cyber activity since 2018.

Key Facts
- The Election Security Group, a joint Cyber Command/NSA task force, has coordinated with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and state officials since 2018.
- In the weeks before the 2024 presidential election, operators disrupted servers used by at least two Russian firms that spread propaganda to swing‑state audiences. The operation halted the servers but did not stop the influence campaign entirely.
- Russian troll farms have continued to generate content, creating more than 200 fake websites since March 2025. No new tactics have emerged; adversaries still blend cyber intrusions with coordinated disinformation.
- The Trump administration’s recent budget proposal would eliminate CISA’s election‑security program, reducing federal resources for state‑level defenses.
- In a separate incident, Iranian hacktivists breached medical‑device maker Stryker on March 11, wiping over 40,000 laptops and halting production for three weeks. Stryker’s Q1 net sales rose 2.6% to $6.0 billion, and the company recovered all data from backups.
- French police arrested a 21‑year‑old suspect known as “HexDex” after a months‑long probe into data thefts affecting government, sports, and private sectors.

What It Means
The warning signals that foreign intelligence services will likely resume the blend of credential‑stealing, phishing, and supply‑chain compromise that proved effective in 2020 and 2024. State and local election offices should assume that phishing emails targeting election‑system administrators will increase in volume. The removal of CISA’s dedicated election‑security budget could shift the burden of detection and response to individual jurisdictions, raising the risk of uneven protection.

Mitigations – What Defenders Should Do
1. Patch known flaws – Apply the latest patches for CVE‑2024‑2180 (Windows Remote Desktop) and CVE‑2024‑6321 (ConnectWise Manage) to close common entry points.
2. Enforce MFA – Require multi‑factor authentication on all accounts with privileged access to election‑infrastructure systems.
3. Monitor ATT&CK T1078 (Valid Accounts) – Deploy detection signatures for anomalous logins from foreign IP ranges and for credential‑dumping tools such as Mimikatz.
4. Secure backups – Verify that offline, immutable backups exist for critical voter‑registration databases; test restoration procedures quarterly.
5. Threat‑intel sharing – Join ISACs (Information Sharing and Analysis Centers) for election officials to receive real‑time indicators of compromise from federal agencies.
6. Public‑awareness campaigns – Train election staff to recognize spear‑phishing attempts that mimic vendor communications.

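The login review that items 2 and 3 describe, as an added example that is not part of the original article. It substitutes an allowlist of expected networks for foreign-IP geolocation; the log format, account names and network ranges are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: networks that election-system administrators normally log in from.
EXPECTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "198.51.100.0/24")]
# Assumption: accounts with privileged access to election infrastructure.
PRIVILEGED = {"vr-admin", "ems-svc"}

# Constructed sample authentication log (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2026-03-02T08:01:12Z user=vr-admin src=10.20.4.17 result=success mfa=yes
2026-03-02T08:03:40Z user=clerk7 src=203.0.113.9 result=success mfa=yes
2026-03-02T23:47:05Z user=vr-admin src=203.0.113.77 result=failure mfa=no
2026-03-02T23:47:31Z user=vr-admin src=203.0.113.77 result=success mfa=no
2026-03-03T02:15:09Z user=ems-svc src=10.20.9.3 result=success mfa=no
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a parsed source IP."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = ts
    event["src"] = ipaddress.ip_address(event["src"])
    return event

def review_logins(log_text):
    """Return (ts, user, src, reasons) for privileged logins that need review."""
    failures = Counter()  # failed attempts per (user, source) seen so far
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse_line(line)
        key = (ev["user"], ev["src"])
        if ev["result"] != "success":
            failures[key] += 1
            continue
        if ev["user"] not in PRIVILEGED:
            continue
        reasons = []
        if not any(ev["src"] in net for net in EXPECTED_NETS):
            reasons.append("source outside expected networks")
        if ev.get("mfa") != "yes":
            reasons.append("no MFA on privileged login")
        if failures[key]:
            reasons.append(f"success after {failures[key]} failed attempt(s)")
        if reasons:
            findings.append((ev["ts"], ev["user"], str(ev["src"]), reasons))
    return findings

if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(finding)
```
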
Looking ahead, watch for any surge in credential‑theft campaigns tied to known Russian or Iranian threat groups and for legislative moves that could reshape federal election‑security funding.