The Arizona Secretary of State’s Office released new details of a cybersecurity attack in June the office says it is “moderately confident” came from Iran, which temporarily affected the online candidate portal.
The Secretary of State’s Office is investigating the attack with the state Department of Homeland Security and the National Guard. Spokesman Aaron Thacker said the state Department of Homeland Security has looped in the FBI.
On June 23, a member of the Secretary of State’s Office staff notified the office that something was wrong with the candidate portal.
A hacker uploaded coded scripts into the server and replaced images of candidates from 2016-2024 with a picture of former Iranian Ayatollah Ruhollah Musavi Khomeini.
The images also linked to social media accounts including one on Telegram which contains the message:
“We were not looking for war or adventure. However, President Trump’s flagrant violation of the agreement, through his aggressive attack on the nuclear and civilian infrastructure of the great nation of Iran, has forced us to face a difficult and regrettable confrontation. Now the American people share in the consequences of his risky decision. Our erosion revenge has begun,” the account’s message states.
The initial attack occurred two days after the United States bombed Iran.
The issue has been resolved, and the Secretary of State’s Office clarified that the affected website doesn’t impact election tabulation and results.
The election page for this month’s Congressional District 7 special primary election doesn’t appear to have been affected.
As for communicating with the federal government, Democratic Secretary of State Adrian Fontes said he intentionally didn’t reach out to the Cybersecurity and Infrastructure Security Agency under the federal Department of Homeland Security CISA.
“Up until 2024, CISA was a strong and reliable partner in our shared mission to protect America’s digital infrastructure. But since then, the agency has been politicized and weakened by the current administration,” Fontes said in a statement. “I personally reached out to Secretary [Kristi] Noem in a letter several months ago and was dismissed outright.”
Fontes said he’s lost confidence in CISA’s ability to "collaborate in good faith–or to prioritize national security over political theater.”
Fontes warned that partisanship creates the kind of division foreign adversaries like Iran seek to exploit.
The Secretary of State’s Office made some details of the attack public in a press release issued on July 1.
“Since day one, I’ve warned that foreign adversaries, particularly Iran, are actively targeting our election infrastructure and political systems. These aren’t abstract threats; they are real, persistent, and growing,” Arizona Secretary of State Adrian Fontes wrote at the time. “Our office identified patterns of activity consistent with what others are now publicly acknowledging, and we took decisive action to strengthen our defenses early on.”
The office is reviewing its systems and requesting immediate cybersecurity funding to shield against further attacks.
The hacker persisted in attacking the Secretary of State’s website for about a week.
“What this incident has done is it's created — it's not just an attack on the Secretary of State's Office. It's also an attack on government as a whole. We are not the only agencies that are being attacked,” Thacker said.
The office confirmed that other Arizona agencies faced attacks from the same IP addresses as the initial attack — but the identity of those agencies hasn’t been made public.
Other states also reportedly got traffic from those IPs.
State lawmakers, Gov. Katie Hobbs and Attorney General Kris Mayes have all been briefed on the details of the attack.
The office has asked for cybersecurity funding from the state for three years, but not received it. Thacker said the office has done the best they can with the resources they’ve received.
The office’s most recent request is $10 million of one-time funding and $3.5 million of annual cybersecurity and IT funding.
“What this [attack] does is it highlights one of our major concerns that we've had since day one of the secretary taking office which is, we need to update our systems and we need to put in more protocols. … We’ve been doing everything we can to put in preventative measures with our policies which is how we defeated this threat,” Thacker said.
The Secretary of State’s office is now requesting funding from the legislature outside the usual budget process, which may be achievable if lawmakers agree to shift allocated monies around.
Some Arizona Republicans have levied accusations of negligence or an attempted cover-up at the Secretary of State’s Office, which Thacker says are unfounded.
“The more that comes out on this AZ cyberattack the more this reeks of a cover-up. … Why did Fontes try to downplay & sweep this under the rug?” Rep. Alexander Kolodin (R-Scottsdale) asked on X. Kolodin is running for secretary of state in 2026.
Sen. Jake Hoffman (R-Queen Creek) accused Fontes of “lying” and keeping the public in the dark about the attack on social media this week.
“BREAKING NEWS: I was just was told by an inside source at the legislature that it appears the Arizona Secretary of State’s portal was hacked, believed to be impacting the Candidate portal, but possibly much more,” Turning Point USA’s political arm’s Chief Operating Officer Tyler Bowyer exclaimed on X - 22 days after the attack.
“When it comes to our overall collective security this isn't really something we should be playing politics with and there have been a few folks that are being unnecessarily critical,” Thacker said.
There is also some speculation about how much the attack may have affected outside of the candidate portal. Secretary of State Chief Information Security Officer Michael Moore explained vote tabulation is a different system.
“You see in political discourse and people who are elections enthusiasts make comments about like, ‘if you can't secure your website how can you secure the tabulation of the vote?’ These are completely different systems that are completely segmented off from each other. There’s a big difference between someone going to your building and spray-painting on it versus getting inside Fort Knox and getting access to your servers,” Moore said.
-
There's nothing unconstitutional about having a state Court of Appeals deciding cases where not everyone from every county gets to vote on every judge, the Arizona Supreme Court has concluded. -
A new lawsuit filed Tuesday seeks to void the name change of the Arizona Independent Party, arguing it will cause widespread voter confusion. -
A veteran legislator is seeking to alter the law so that county supervisors never have to worry that they’re being asked to certify election returns — even when they question the accuracy. -
The Citizen Clean Elections Commission is calling on Secretary of State Adrian Fontes to reverse a decision allowing one of the state’s newest political parties to rebrand itself, arguing the party’s new name will cause mass voter confusion and logistical problems for election officials. -
Attorney General Kris Mayes is going to continue to pursue the 11 Republicans who claimed to be the state's legally elected electors despite the actual results of the 2020 presidential race.
