Russian intelligence officers injected malicious SQL code and then ran commands to extract information

The Russian military intelligence unit known by its initials GRU targeted U.S. state election offices as well as U.S. makers of voting machines, according to Mueller’s report.

Victims of the Russian hacking operation “included U.S. state and local entities, such as state boards of elections (SBOEs), secretaries of state, and county governments, as well as individuals who worked for those entities,” the report said. “The GRU also targeted private technology firms responsible for manufacturing and administering election-related software and hardware, such as voter registration software and electronic polling stations.”

The Russian intelligence officers at GRU exploited known vulnerabilities on websites of state and local election offices by injecting malicious SQL code on such websites that then ran commands on underlying databases to extract information.

Using those techniques in June 2016, “the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website,” the report said. “The GRU then gained access to a database containing information on millions of registered Illinois voters, and extracted data related to thousands of U.S. voters before the malicious activity was identified.”

In another operation, GRU officers sent spearphishing emails to election officials and executives of companies that make voting machines, the report said.

In August 2016, GRU targeted employees of a company that develops software to manage voter rolls and installed malware on the company’s network, the report said without naming the company.

“Similarly, in November 2016, the GRU sent spearphishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election,” the report said. “The spearphishing emails contained an attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer.”

The Orlando Sentinel reported last week that Volusia County was affected by the GRU attack. The paper said county officials received emails purporting to be from Tallahassee-based VR Systems, the company that likely fell victim to the attack.

Read More