Hackers Are Already Laying Groundwork to Disrupt the 2026 Midterms, Research Says

FCW (GovExec Technology), Jun 1, 2026

Why It Matters

The findings expose a widening attack surface that could undermine political fundraising, erode public trust in local services, and strain already‑thin election‑security resources, making the 2026 midterms a prime target for cyber‑disruption.

Key Takeaways

  • Check Point flagged 1,300 new “election” and 4,000 “vote” domains.
  • 9,500 ActBlue and 6,500 WinRed credentials were exposed.
  • Russia, Iran, and China are the primary state-sponsored election threat actors.
  • AI tools boost phishing, deepfakes, and misinformation targeting election infrastructure.
  • Proposed budget would cut CISA’s election‑security program, heightening risk.

Pulse Analysis

The cybersecurity landscape surrounding U.S. elections is evolving rapidly. While past discourse centered on the vulnerability of voting machines, Check Point’s latest research shows attackers are now focusing on the digital ecosystems that support campaigns and local governments. Phishing lures, credential harvesting, and AI‑generated content—such as deep‑fake videos and synthetic audio—are being weaponized to impersonate trusted entities, sow confusion, and amplify foreign influence. This shift reflects a broader trend where threat actors exploit the trust placed in political fundraising platforms and public‑service portals to gain footholds.

The report uncovers alarming exposure levels: roughly 9,500 credentials tied to ActBlue, the Democratic fundraising platform, and 6,500 linked to WinRed, its Republican counterpart, were found in the wild. Coupled with a surge in newly registered domains containing election‑related keywords—over 5,000 in the first half of 2026—these data points expand the pool of potential phishing sites and fake donation pages. Russia, Iran and China remain the most active state‑sponsored actors, now leveraging AI to scale disinformation campaigns that can appear indistinguishable from authentic communications, thereby increasing the likelihood of successful social engineering attacks.

Policy developments compound the technical risks. The Trump administration’s FY‑27 budget proposal to eliminate CISA’s election‑security program would strip away critical federal resources for information sharing, training, and on‑the‑ground assistance to state and local officials. With local governments already grappling with limited cybersecurity staff and legacy systems—as recent ransomware incidents in Minnesota and California illustrate—the loss of federal support could leave election‑adjacent infrastructure markedly under‑protected. Stakeholders across the political, tech, and municipal sectors must therefore prioritize proactive defenses, credential hygiene, and collaborative threat intelligence to mitigate the looming cyber threat to the 2026 midterms.
