Leonardo Munoz/AFP/Getty Images
Voters fill out their ballots at a polling station in New York City on Election Day, November 5.
CNN  — 

Federal investigators are running down email addresses from Russian internet domains that were used to make a slew of non-credible bomb threats across swing states on Election Day.

The effort underlines that though the presidential election is over, US intelligence and law enforcement agencies are still grappling with and analyzing a deluge of disinformation and online threats aimed at sowing discord among voters.

In the days before, on and after Election Day, for example, officials at the FBI and other agencies spent hours tracking videos and other social media posts, including ones they said were made by Russian operatives, people briefed on the matter said. It was the most active and aggressive the US government has been in combatting foreign influence in the age of social media, the sources said.

It is not yet clear who sent the bomb threats or from where. (A Russian email address can be used outside of Russia, and the bomb threats are entirely separate activity from the social media disinformation). But the spate of emails caused temporary evacuations at some polling centers and injected tension in the final hours of voting to an already-chaotic threat environment.

The unprecedentedly high tempo of the investigations is a response to an election when fake content was easier than ever to make and quicker to spread online, and right- and left-wing partisans were quick to amplify the content to claim voter fraud or suppression.

Iran and China also carried out online influence operations targeting the election, officials have previously said.

The 2024 US election cycle saw an “unprecedented amount of disinformation,” including falsehoods “aggressively peddled and amplified by our foreign adversaries at a greater scale than ever before,” Jen Easterly, head of the US Cybersecurity and Infrastructure Security Agency, said on Monday before Election Day.

Intelligence and law enforcement agencies have been quicker than in any previous election in debunking fake videos and images that have spread on the social media platform X, tracing some of them back to Russian operatives.

“In comparison to 2016 and 2020, this year the fight against foreign interference moved at light speed,” said Emerson Brooking, resident senior fellow at the Atlantic Council’s Digital Forensic Research Lab. “We saw intelligence disclosures coordinated in days or even hours across the US government, the information rapidly corroborated or expanded by independent researchers.”

In other respects, it was “just another Tuesday on the internet,” as some veteran cybersecurity experts like to say. Election offices reported scanning and an unsuccessful attempt by hackers to break into their networks, according to reports on threat activity disseminated in the election community reviewed by CNN. Swatting calls — or hoax calls designed to trigger a large law enforcement response — were made to schools in Maine that included polling locations.

The bomb threats emailed to polling locations and other facilities in battleground states like Arizona, Georgia and Pennsylvania were a twist in the 2024 election threat environment that officials did not have to deal with in 2020. It’s unclear if they impacted the number of votes cast but were evidence of a new tactic aimed at disrupting the election.

The FBI quickly passed the Russian email addresses used in the bomb threats to analysts in the intelligence community. But there are some clues about the activity that aren’t classified.

One of the email addresses appears to be behind a series of bomb threats levied at LGBTQ+ events in Massachusetts, Minnesota and Texas in June, according to a review of public records.

An email address reported by one state as being the source of a bomb threat on Election Day appears to match an email address used to make a bomb threat during a Pride Event in June in a northeast Minnesota town, according to a statement from the county sheriff’s office.

“My office drafted a search warrant for the computer the message was received on,” Pat Eliasen, the sheriff of Cook County, Minnesota, told CNN in an email on Thursday. “The IP address originated in Russia, when we spoke to the FBI, they confirmed it was a bot.”

A Russian IP address, however, does not confirm that the person using the computer is based in Russia. Virtual private networking (VPN) services can spoof locations.

The FBI did not immediately respond to requests for comment on the information it provided to Eliasen’s office.

Graphika, a New York-based firm that tracks information operations, reviewed the evidence CNN provided and confirmed that the Russian emailed domains are “likely part of a broader hoax campaign that has targeted organizations in the US and abroad since at least 2022.”

Another expert with cybersecurity firm SentinelOne, who requested anonymity, corroborated Graphika’s finding and linked the email addresses to a series of bomb threats in the US and abroad.

“Graphika’s findings suggest the fake bomb threats on Election Day in the US are just one part of a much bigger picture,” Jack Stubbs, Graphika’s chief intelligence officer, told CNN. “This activity appears to be part of a yearslong campaign of hoax bomb threats sent to schools, universities, and even airports in multiple countries around the world.”