The Intercept’s classified NSA report, published in August 2016, suggests that a Russian intelligence group hacked into an election hardware vendor in the U.S.
The group, known as the GRU, used company data to launch two spear-phishing campaigns against local government officials who handled absentee ballots associated with elections. The NSA has not released the name of the company.
Following the breaking story, the FBI announced the arrest of Reality Leigh Winner at her home in Augusta, Georgia. An NSA audit pointed to her as the leaker who removed the report from a security facility. The Intercept verified this after handing a copy over to the NSA. The NSA concluded that the copy had been shared among six employees, but Winner was the only one in contact with The Intercept.
Seven email accounts at the vendor company were targeted in the same fashion as email accounts used by members of the Clinton campaign during the 2016 election, according to the report. At least one of those accounts appears to have been compromised, as information from the company was then used in two separate sets of e-mails with malicious attachments sent to election officials just days before the election.
The first email batch, sent on Oct. 31 and Nov. 1, went to 122 local election officials whose e-mail addresses were likely tracked by a compromised vendor e-mail account. The e-mails specifically asked for instruction in a Microsoft Word file on how to create software to check a voter’s registration status.
Espionage malware may also have been installed on the targets’ computers, since the files had been “Trojanized” with Visual Basic for Applications code to access a malicious website.
The NSA also could not indicate whether the attackers were successful or what the source of the additional malware was.
The attackers sent several test messages, without malicious contents, to other accounts, including two non-existent e-mail accounts at the domain for the election office of the government of the territory of American Samoa. This was likely a probing effort to see whether the accounts existed, according to the leaked NSA report.
It is yet to be determined whether the attackers succeeded in compromising the computers of election officials. The dates failed to match up with previously reported attacks on state election officials.