Skip to main content
Threat IntelligenceEmerging Threats

Cybersecurity Threats Target Election Campaign Systems

Campaign office with computers, phones, and papers on a desk near a window overlooking a blurred cityscape.

“The barrier to entry is lower and the quality is so much higher than it was three years ago, 10 years ago, that everything is going to look more realistic and it’s going to be more effective at accomplishing whatever goals [attackers] have,” Jeremy Fuchs, a campaign manager for Check Point, told CyberScoop.

Check Point Software Technologies: report findings for the 2026 midterms

Check Point Software Technologies released a security report on Monday that frames the cyber threat landscape for the 2026 midterm elections. The report’s central finding: threat actors so far are not targeting voting machines or ballot-counting systems. Instead, the primary focus is on the accounts, platforms and public-facing sites that campaigns, donors and voters use to communicate and transact.

Email: the dominant attack vector — 82% of malicious traffic

According to Check Point, email remains the most common entry point for malicious activity affecting election-related groups. The company found that 82% of malicious attacks arrive through email, a statistic the report emphasizes in describing how easily threat actors can reach campaign staff, donors and supporters. Fuchs noted that email access — or a single leaked credential — can be leveraged into follow-on attempts to compromise other accounts or to craft convincing phishing campaigns.

Fundraising platforms: large numbers of stolen passwords at ActBlue and WinRed

The report identifies significant credential exposure tied to major fundraising platforms. Check Point found roughly 9,500 stolen passwords associated with ActBlue and about 6,500 associated with WinRed. Fuchs cautioned that these password lists may not be used immediately in election-specific schemes, but that such data are often “saved for later” and can enable opportunistic phishing or account-takeover attempts when combined with email addresses and phone numbers.

New election- and vote‑named websites: scale and suspected intent

Check Point documented a surge in newly registered websites that contain election-related terms. In January alone, researchers counted approximately 1,300 new domains with the word “election” and about 4,010 that included the word “vote.” The report highlights how quickly such sites have been established relative to longstanding legitimate campaign pages, and researchers say that pace leads them to believe a majority of these new domains will serve nefarious purposes, notably phishing scams designed to harvest credentials by posing as authentic election organizations.

AI-generated content and OpenAI’s election safeguards

The report raises concerns about manipulated content and misinformation amplified by generative AI. Check Point researchers and Fuchs both pointed to increasingly visible AI-generated political content in the 2026 cycle. The source notes that OpenAI rolled out a suite of tools and safeguards earlier this month intended to provide a layer of protection for this election cycle. Fuchs warned that as models improve and actors adopt AI-enabled techniques, the capacity to produce realistic, deceptive content will grow — making it harder for the public to distinguish genuine information from manipulation.

What this means for campaigns, donors, and voters

  • Campaigns and campaign technologists: The report indicates they should prioritize securing email and account credentials, because attackers are focusing on the communication and fundraising infrastructure rather than election infrastructure itself.
  • Fundraising platforms and donors: The presence of roughly 9,500 ActBlue and 6,500 WinRed stolen passwords signals a need to monitor for credential abuse and to expect opportunistic follow-on attacks using exposed data.
  • Voters and the general public: The surge in new “election” and “vote” domains, combined with increasingly capable AI-generated content, suggests a higher risk of phishing and deceptive material arriving through email and quickly established websites.

Check Point’s report underscores a simple but consequential shift: the 2026 threat picture, as observed so far, is less about direct tampering with ballot-counting machinery and more about undermining the human and account-level layers that carry campaign messages and donations. As Jeremy Fuchs put it, the technical capability available to bad actors — amplified by AI — is changing faster than public understanding can keep pace, and that mismatch is likely to shape how election-related cyber risk evolves in the coming months. Check Point’s full report is available on the company’s website, and the findings were first reported by CyberScoop.

Source: CyberScoop — Election threats are focused on campaign systems, not voting machines