The US agency responsible for certifying the security of voting machines reportedly fell victim to a hacker believed to be Russian.
Security firm Recorded Future said Thursday that it discovered login credentials for computers at the US Election Assistance Commission for sale on the internet black market. The firm said its analysis identified the hacker as Russian.
"The breach appeared to include more than one hundred access credentials, including some with the highest administrative privileges," Andrei Barysevich, director of advanced collection at Recorded Future, wrote in a blog post. "These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site."
The report comes amid heightened concern that the Russian government hacked the US presidential election in November to ensure a victory for Republican Donald Trump. An anonymous senior US official told The Washington Post last week that "Russia's goal here was to favor one candidate over the other, to help Trump get elected."
Posing as a potential buyer, Recorded Future engaged a "Russian-speaking actor" who was offering the credentials for sale. The hacker said he had accessed the system through an unpatched vulnerability, which he was attempting to sell information about to a Middle Eastern government, the company said.
It wasn't immediately clear when the hack occurred. Recorded Future said it turned over its findings to federal law enforcement officials. The Justice Department did not immediately respond to a request for comment.
Created by the Help America Vote Act of 2002, the EAC is a government agency that certifies voting machines and serves as a clearinghouse for information regarding election administration.
The US Election Assistance Commission did not immediately respond to a request for comment.