A leaked NSA investigation has revealed that Russian hackers hacked into election-related software to launch a voter-registration themed spear-phishing campaign in the US last year.
The NSA report also reveals that phishing e-mails sent out by state-sponsored Russian hackers contained Microsoft Word documents trojanised with malicious Visual Basic script.
Back in November of last year, security experts from Volexity discovered a series of phishing e-mails which were sent to US think tanks, non-governmental organisations as well as people involved in national security, defence, international affairs, public policy and European and Asian studies.
The phishing e-mails were sent from hacked accounts at Harvard’s Faculty of Arts and Sciences. They promised to reveal the “truth” behind the US elections. These e-mails contained PDF and .zip attachments that led to malware installer scripts.
A leaked NSA investigation report now confirms that state-sponsored Russian hackers went a few steps further. The report outlines how Russian hackers were able to conduct a spear-phishing campaign by hacking into election-related software just months prior to the US elections.
According to the report, the hackers “executed cyber espionage operations against a named U.S Company in August 2016”. This was evidently “to obtain information on elections-related software and hardware solutions.”
“The actors likely used data obtained from that operation to create a new email account and launch a voter-registration themed spear-phishing campaign targeting U.S. local government organizations,” it read.
According to Technology Review, the company targeted by hackers is most probably Florida-based VR Systems which supplies electronic poll books in states including California, Florida, Illinois, Indiana, New York, North Carolina, Virginia, and West Virginia.
After stealing valuable data on software and hardware solutions, the hackers sent out phishing e-mails to US-based targets, offering election-related products and services. The e-mails were designed to mimic legitimate services. They carried trojanised Microsoft Word documents containing Visual Basic scripts linked to malicious infrastructure.
“This campaign appeared to be designed to obtain the end users’ email credentials. Users were enticed to click on an embedded link with a spoofed Google Alert email. This would redirect the user to the malicious domain,” the NSA report noted.
Technology Review further notes that voter-registration-related issues were experienced in the state of North Carolina on Election Day. This forced election officials to switch to ballot-paper-based processes in several areas following system malfunctions.
A survey of security professionals conducted by Tripwire in August of last year revealed that as many as 63 per cent of information security workers believed hackers were manipulating election campaigns. The survey took place soon after suspected hackers stole data from the Democratic National Committee (DNC) computer network.
“This is an unprecedented moment in both politics and information security. A foreign power possibly influencing the US presidential election through electronic means is a game changer for information security professionals. While these survey results aren’t surprising, they are very important,” said Tim Erlin, director of IT security and risk strategy at Tripwire.
“We’re seeing a significant shift in the role that information security plays on the global stage. While the DNC attack is the most visible, it’s not the first incident. We’ve been building up to this type of event for a number of years.”