Over 5,000 malicious domains targeting 2026 US Midterm elections spotted going live – and they could be used for fraud, phishing, or worse


  • Check Point Research warns Russia and other nation‑states are running large‑scale disinformation campaigns ahead of the US midterms
  • Operations include phishing sites, fake donation portals, and Doppelganger clones of major outlets
  • Midterm elections are scheduled for November this year

Russia (and probably other nation-states as well) is actively trying to influence the US midterm elections scheduled for November this year. That is according to a new report from cybersecurity researchers at Check Point Research, who said they have seen more than 5,000 election-themed websites pop up since January this year.

“In this new era of AI-powered disinformation, the goal is often not to change vote counts directly, but to convince voters that truth itself is difficult to verify,” the researchers said. In other words, these hackers are not targeting the machines that count the votes but the people casting them, aiming to influence voters and, through them, the outcome of the elections.

This is hardly a new thing, and we’ve seen US government officials accusing Putin of meddling with US presidential elections before.


Doppelganger

This time, however, Check Point found concrete evidence, as well as a detailed modus operandi of these operations. In January, the researchers found 1,300 domains containing the word “election” and almost 3,000 with the word “vote”. Between mid-April and mid-May, “election” held steady at around 1,140, while “vote” spiked to 4,010. “The volume is increasing as November approaches, and the mix is shifting toward the more voter-facing term,” the researchers explained.

While domain registration volume alone does not automatically mean malicious intent, security teams know that such domains are usually used for phishing pages impersonating information portals, fake donation collection sites, candidate impersonation, and misinformation distribution campaigns.

Check Point also said that it saw a Russian operation called Doppelganger cloning high-authority news sites (Reuters, The Washington Post, Fox News, and similar) and publishing fake news there, hoping other outlets would pick up and distribute it before realizing the scam.

“Security teams working with campaigns, election organizations, fundraising platforms, or any organization adjacent to this environment should treat this cycle as an elevated-risk period for phishing, brand impersonation, and credential-based attacks,” Check Point concluded. “That’s not because the threats are novel, but because the motivation and attention behind them are significantly higher than usual.”
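
As an added example (not from Check Point's report or this article), here is one way a defender might triage a feed of newly observed domains for the two keywords the report counted and for lookalikes of the outlets named above. The official domains, digit-swap table, similarity threshold and sample feed are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

KEYWORDS = ("election", "vote")              # terms the report counted
# Outlets the article names as cloning targets; official domains are assumed.
BRANDS = {"reuters": "reuters.com",
          "washingtonpost": "washingtonpost.com",
          "foxnews": "foxnews.com"}
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps
THRESHOLD = 0.85                             # assumed similarity cut-off

def triage(domain):
    """Return the reasons a newly observed domain deserves analyst review."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in BRANDS.values()):
        return []                            # the outlet's own domain
    label = domain.rsplit(".", 1)[0]         # naive: drops only the last label
    words = re.findall(r"[a-z]+", label)
    reasons = []
    for kw in KEYWORDS:
        if any(w.startswith(kw) for w in words):
            reasons.append(f"keyword:{kw}")
        elif kw in label:
            # "devoted" contains "vote": a plain substring count includes it,
            # but it is unlikely to be election-themed.
            reasons.append(f"keyword:{kw} (substring only)")
    # Undo digit swaps, then compare each word and the joined label to brands.
    norm = re.findall(r"[a-z]+", label.translate(DIGIT_SWAPS))
    candidates = norm + ["".join(norm)]
    for brand in BRANDS:
        best = max(SequenceMatcher(None, c, brand).ratio() for c in candidates)
        if best >= THRESHOLD:
            reasons.append(f"lookalike:{brand}")
    return reasons

# Constructed sample feed; these are not real indicators.
SAMPLE_FEED = [
    "vote-early-2026.example", "county-election-results.example",
    "reuters-news.example", "washingtonpost.com", "washlngtonpost.example",
    "devoted-gardeners.example", "f0xnews.example",
]

if __name__ == "__main__":
    for d in SAMPLE_FEED:
        print(f"{d:35} {triage(d) or 'no finding'}")
```

A hit is a reason for review, not a verdict: as the article notes, registration volume alone does not establish malicious intent.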




Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
