“But they have gone from propaganda to deliberate interference in this election,” John Hultquist, the senior director of FireEye, a Silicon Valley security firm, said after Wednesday’s announcement.
“Their focus here is to prey on existing fears that election infrastructure will be subverted and hacked, as well as fears of voter intimidation,” he said.
Mr. Ratcliffe and Mr. Wray said little about Russia, but until the wave of fake emails, Moscow had been the No. 1 concern of the National Security Agency, United States Cyber Command and the Department of Homeland Security’s Cyber Infrastructure and Security Agency, which has responsibility for helping states secure their voting systems.
Two weeks ago, Cyber Command, a part of the military, helped paralyze a complex network developed by Russian-speaking hackers and used in ransomware attacks on cities and towns across the United States, along with many companies. Microsoft led a team of firms doing the same, armed with court orders that enabled them to take down the command-and-control servers used to distribute the tools, which are called TrickBot. The move was made to disrupt the system so that it could not be used to lock up voter registration systems.
In recent days, another Russian hacking group called Energetic Bear, often linked to the F.S.B. — one of the successors to the Soviet Union’s K.G.B. — appears to have focused its attentions on gaining access to state and local government networks. That has caught the attention of federal investigators, because until now the group had largely targeted energy firms, including public utilities.
But there is no evidence that the hackers have directly attacked any election infrastructure. The fear among cybersecurity experts is that once inside local government networks, they could attempt to move laterally, into voter registration databases.
So far, there is no evidence they have attempted to do that, but officials said that kind of move would only come in the last days of the election campaign, if at all.