Threat Actors Target Campaign Systems, Not Voting Machines
According to a security report released Monday by Check Point Software Technologies and reported by CyberScoop, cyber threats ahead of the 2026 midterm elections are concentrating on campaign accounts and platforms rather than voting machines. The report found that 82% of malicious attacks on election-related groups arrived via email, per CyberScoop. Check Point's analysis also flagged large numbers of stolen credentials from fundraising platforms, reporting about 9,500 exposed ActBlue passwords and about 6,500 exposed WinRed passwords, per CyberScoop. The company reported that threat actors are scaling attacks with AI-generated content and registering new election-themed websites. Jeremy Fuchs, a campaign manager for Check Point, told CyberScoop: "The barrier to entry is lower and the quality is so much higher than it was three years ago, 10 years ago, that everything is going to look more realistic and it's going to be more effective at accomplishing whatever goals [attackers] have."
What happened
According to a security report released Monday by Check Point Software Technologies and reported by CyberScoop, cyber threats in the 2026 election cycle are primarily targeting the accounts and platforms campaigns, donors, and voters use to communicate. The report found that 82% of malicious attacks against election-related groups arrived via email, per CyberScoop. The report also identified large numbers of stolen credentials from fundraising platforms, listing about 9,500 exposed ActBlue passwords and about 6,500 exposed WinRed passwords, per CyberScoop. The report said threat actors are also registering new websites using election-related names and are leveraging AI-generated content to scale attacks.
Technical details / Editorial analysis - technical context
Industry-pattern observations: Email remains a high-bandwidth vector for credential theft and phishing because it combines low technical cost with high social-engineering effectiveness. The Check Point report, as reported by CyberScoop, highlights credential exposure on major fundraising platforms; in comparable incidents, exposed credentials enable account takeover and targeted follow-on phishing or SMS-based attacks. The rising availability of AI tools materially lowers the cost of producing convincing phishing content and automated impersonation at scale, an effect Jeremy Fuchs described to CyberScoop when he said the "barrier to entry is lower" and quality has improved.
Context and significance
Reporting frames this pattern as part of a broader shift away from attacks on ballot machinery toward attacks on the peripheral systems that enable campaigns, donors, and voter communication. For information-security teams and vendors, attacks focused on email, web infrastructure, and fundraising platforms increase the importance of credential hygiene, anomaly detection on donation flows, and domain monitoring. For threat intelligence teams, the proliferation of AI-enhanced content changes signal-to-noise metrics used to detect coordinated influence operations.
What to watch
Observers and practitioners should monitor credential-dump volumes tied to fundraising domains, spikes in election-themed domain registrations, increases in highly targeted AI-generated phishing, and reported account-takeover incidents on donation platforms. Public statements or data releases from fundraising platforms and state election officials will be key signals of escalation or containment.
Scoring Rationale
The report shifts attention from voting machines to campaign infrastructure, which affects a broad set of practitioners (security teams, campaign technologists, threat intel). The technical stakes are substantial but not a novel paradigm shift.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Ad Tech problems
