Cyber Incident Victim: Coffee County
Date: Apr 2024
Location: United States of America
Summary
A cyberattack targeted the IT infrastructure of Coffee County, prompting state officials to sever its access to Georgia's statewide election systems, including voter registration and election management platforms, as a precautionary measure. The incident, identified through unusual activity detected by federal cybersecurity authorities, showed no evidence of data exfiltration but involved unauthorized malicious actions. This disruption led to temporary website outages and hindered public records responses, marking the second such breach in a Georgia county central to legal disputes over 2020 election claims. State authorities emphasized isolating the incident while acknowledging potential sequential targeting risks.
Description
A cyberattack targeting Coffee County, Georgia's IT infrastructure was identified on April 15, 2024, when the Cybersecurity and Infrastructure Security Agency (CISA) alerted county officials to unusual cyber activity. The Coffee County Board of Commissioners confirmed the incident in an April 15 statement, declaring a cybersecurity event after internal examinations revealed malicious actor activity but found no evidence of data or file exfiltration. County IT staff implemented immediate security measures to isolate and protect systems following the discovery.

The Georgia Secretary of State's office responded by severing Coffee County's access to critical statewide election systems on April 16, 2024, as a precautionary measure before county officials formally acknowledged the security threat. This access suspension included the Georgia Registered Voter Information System (GARViS), the ePulse election management suite, and the election night reporting platform, effectively barring county election officials from all state-operated election infrastructure until security concerns are resolved.

The incident caused partial disruptions to Coffee County's public-facing digital services, with sections of the county website remaining inaccessible on April 27-28, 2024. County personnel attributed delays in processing public records requests during this period to maintenance issues affecting the county archiver system. State election authorities emphasized no evidence suggested broader impacts to other Georgia counties, though their advisory noted the potential for sequential attacks targeting multiple jurisdictions. This marks the second cybersecurity incident affecting a Georgia county involved in legal proceedings related to challenges to the 2020 presidential election results, following a January 2024 ransomware attack against Fulton County attributed to the LockBit criminal group. Coffee County previously gained national attention when Trump allies allegedly obtained unauthorized access to voting machine software there during post-2020 election audits. The April 2024 attack's operational scope, intrusion methods, and threat actor identity remain undetermined as of the latest reports.
