Over 5,000 malicious domains targeting 2026 US Midterm elections spotted going live – and they could be used for fraud, phishing, or worse

1. Pro
2. Security

Over 5,000 malicious domains targeting 2026 US Midterm elections spotted going live – and they could be used for fraud, phishing, or worse News By Sead Fadilpašić published 2 June 2026

As elections get closer, the number of fake sites grows

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Pexels)

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter

• Check Point Research warns Russia and other nation‑states are running large‑scale disinformation campaigns ahead of the US midterms
• Operations include phishing sites, fake donation portals, and Doppelganger clones of major outlets
• Midterm elections are scheduled for November this year

Russia (and probably other nation-states, as well) is actively trying to influence US Midterm elections scheduled to take place in November this year. This is according to a new report from cybersecurity researchers Check Point Research, who said they saw more than 5,000 election-themed websites pop up since January this year.

“In this new era of AI-powered disinformation, the goal is often not to change vote counts directly, but to convince voters that truth itself is difficult to verify,” the researchers said. In other words, these hackers are not targeting the machines that count the votes, but rather humans casting them, influencing them and thus changing the outcome of the elections.

This is hardly a new thing, and we’ve seen US government officials accusing Putin of meddling with US presidential elections before.

Latest Videos FromWatch full video here: You may like

• 'Cybercriminals are industrializing deception': new report reveals how major global cybercrime syndicates have infiltrated trusted domains with millions now at risk - here's what you need to know
• New report claims Trump is the most-deepfaked US politicans with over half of cases — these 3 political figures drive 74% of all threats
• Microsoft flags major phishing campaign targeting 35,000 users across 26 countries

Doppelganger

This time, however, Check Point found concrete evidence, as well as a detailed modus operandi of these operations. In January, the researchers found 1,300 domains containing the word “election” and almost 3,000 with the word “vote”. Between mid-April and mid-May, “election” held steady at around 1,140, while “vote” spiked to 4,010. “The volume is increasing as November approaches, and the mix is shifting toward the more voter-facing term,” it was explained.

While domain registration volume alone does not automatically mean malicious intent, security teams know that the domains are usually used for phishing pages impersonating information portals, fake donation collection sites, candidate impersonation, and misinformation distribution campaigns.

Check Point also said that it saw a Russian operation called Doppelganger cloning high-authority news sites (Reuters, The Washington Post, Fox News, and similar) and publishing fake news there, hoping other outlets would pick up and distribute it before realizing the scam.

“Security teams working with campaigns, election organizations, fundraising platforms, or any organization adjacent to this environment should treat this cycle as an elevated-risk period for phishing, brand impersonation, and credential-based attacks,” Check Point concluded. “That’s not because the threats are novel, but because the motivation and attention behind them are significantly higher than usual.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

CATEGORIES Cyber Security Computing Security Computing Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

View More

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Security 'Cybercriminals are industrializing deception': new report reveals how major global cybercrime syndicates have infiltrated trusted domains with millions now at risk - here's what you need to know    Security New report claims Trump is the most-deepfaked US politicans with over half of cases — these 3 political figures drive 74% of all threats    Security Microsoft flags major phishing campaign targeting 35,000 users across 26 countries    Security New study warns over half of Americans hit by fraud in 2025    Security Signal is being targeted by Russian hackers in a huge new phishing campaign, FBI says    Security Russian hackers hitting TP-Link home routers to hijack internet traffic    Latest in Security Security Rapid7 observes new Palo Alto VPN flaw exploited in the wild to bypass GlobalProtect authentication    Security Compromised Red Hat npm packages downloaded over 80,000 times in one week – supply chain attack still ongoing    Security Ransomware groups grow revenue by almost 40% in Q1 2026    Security Thousands of compromised websites abused by DriveSurge in active ClickFix and FakeUpdates campaigns    Security OpenAI Codex tool with over 29,000 downloads linked to malicious npm supply chain attack stealing authentication tokens    Security Multiple Linux distros hit by major 'CIFSwitch' flaw that gives attackers root access    Latest in News Pro Microsoft’s Project Solara looks to break AI out of the PC and into the real world    Pro Microsoft CEO Satya Nadella looks to allay fears over data center energy and water use    Pro “AI is now useful”: Nvidia CEO Jensen Huang thinks a new era for AI is here    Pro How a former Facebook whistleblower is being silenced 'regardless of whether what she says is true'    Health & Fitness Want a Runna membership for free? All you have to do to get 2 weeks free is log a 5k on Strava on June 3    VPN Services Decentralized NymVPN rolls out post-quantum protections as standard alongside a massive redesign    LATEST ARTICLES

1. 1Rivian's boss says Level 4 autonomous driving is "closer than people think"
2. 2'Stop duct-taping human email into machine workflows' — Hostinger unleashes Agentic Mail to fix the biggest bottleneck in AI automation
3. 3Microsoft CEO Satya Nadella looks to allay fears over data center energy and water use
4. 4Quordle hints and answers for Wednesday, June 3 (game #1591)
5. 5NYT Connections hints and answers for Wednesday, June 3 (game #1088)