April 29 — In the U.S. state of Georgia, Coffee County experienced a cyber incident that prompted officials to temporarily sever computer access to statewide election systems.
Earlier this month, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) informed the County of unusual cyber activity on its IT infrastructure.
What happened
Close inspection revealed a cyber incident, leading to an extensive investigation of the County’s IT environment. Activity logs, network logs and cyber monitoring systems were reviewed.
At this time, authorities remain uncertain as to which cybercriminal gang launched the attack. However, they have noted that there is no evidence of data or file exfiltration.
The election link
A written notice distributed by the Georgia Secretary of State’s Office stated that officials shut down a connection to GARViS, a software system used to register voters, “out of an abundance of caution.”
Coffee County has also temporarily severed digital connections with ePulse, an election night reporting system, and other state systems “until the security threat is cleared.”
Ahead of the 2024 U.S. Presidential elections, officials have been warned to brace for unexpected cyber threats of many kinds, ranging from manipulation of voter infrastructure, to disinformation delivered through social media and deepfakes, to ransomware attacks.
Proactive security upgrades
Coffee County’s attack was reported just a few short weeks after Jackson County in Missouri announced a state of emergency on account of a ransomware attack.
According to the Coffee County Board, further steps have been taken to secure the network and to ensure the integrity of Coffee County’s IT infrastructure.