Leaked NSA Report Claims Russian 'Cyber Espionage' Against US Elections

Uploaded on 2017-06-09 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

US intelligence services believe hackers acting on behalf of the Russian military intelligence "executed cyber espionage operations" against election systems days before the country went to the polls in November las year.

A leaked NSA document report says at least one company providing software for the electoral process was targeted. More than 100 local election officials were also targeted by spear-phishing emails, the document alleges.

The publication of the document has been followed by the FBI announcing it has charged 25-year-old NSA contractor Reality Leigh Winner in connection with removing 'classified' information from a government location and providing it to a news organisation.

Within the five-page leaked document, there is no suggestion that the US result was impacted by the hacking attempts but it is the most detailed report to surface from officials about Russian interference within the election process.

"Russian General Staff Main Intelligence Directorate actors executed cyber espionage operations against a named US company in August 2016, evidently to obtain information on elections-related software and hardware solutions,' the NSA report says. The security agency says it received this information in April 2017 and the report is dated May 5.

The report continues: "The actors likely used data obtained from that operation to create a new email account and launch a voter registration-themed spear-phishing campaign targeting US local government organisations". It is believed the government officials, who were involved in voter registration systems, were targeted following their names being taken from the hacked company.

"It is unknown whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor," a comment attached to the document says.

Within the spear-phishing campaign the Russian actors sent malware inside a Word document which, when opened, would run a script that would infect other machines. The NSA's document also says email addresses were created by the Russian actors that may have been used to "offer election-related products and services".

Recently Winner was arrested and charges were announced by the US Justice Department. Within a 6-page affidavit it is alleged that Winner, who worked for Pluribus International Corporation, printed the NSA document and then sent it to the news organisation. 

Winner was identified following the NSA tracing the document's movements. It "appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space," the legal document says. The security agency then says it found six individuals had printed the report and a scan on those people's computers showed she had been in contact with the news outlet.

The FBI added that Winner admitted to printing and sharing the document. If convicted of a crime, she could face a 10-year prison sentence.

Publication of the document comes just days after Vladimir Putin insisted his country wasn't involved in hacking. "I'm deeply convinced that no hackers can radically influence another country's election campaign," Putin said. However, at the St Petersburg economic forum, he conceded it would be "theoretically possible" for people to hack election systems.

Wired

You Might Also Read:

Electoral Influence: 40yrs Of Kremlin Interference:

Russian Military Was Behind Hacking Clinton Campaign:

How Russian Cyber Power Attacked The US:

 

 

 

« Islamic State's Social Media Strategy
UK’s Trident Nuclear Subs Vulnerability To Hackers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

SAMATE

SAMATE

The Software Assurance Metrics And Tool Evaluation project is an inter-agency project between the US Department of Homeland Security and NIST.

Kaymera Technologies

Kaymera Technologies

Kaymera’s comprehensive mobile enterprise security solution defends against all mobile threat and attack vectors.

Enosys Solutions

Enosys Solutions

Enosys Solutions is an IT security specialist with a skilled professional services team and 24x7 security operations centre servicing corporate and public sector organisations across Australia.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

swIDCH

swIDCH

swIDch is a technology company that aims to eliminate CNP (card not present) Fraud.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

Blue Lance

Blue Lance

Blue Lance is a global provider of cybersecurity governance solutions. Our software solutions automatically collect and store the information necessary for investigations, audit and compliance.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

Truvantis

Truvantis

Truvantis is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization’s infrastructure, data, operations and products.

U2opia Technology

U2opia Technology

U2opia is a consortium with a proven track record of delivering groundbreaking technology, cybersecurity, and innovative business solutions.

SecondSight

SecondSight

SecondSight’s Vertical AI embodies a full-spectrum approach to cyber insurance, facilitating accurate digital risk profiling.

MOBIA Technology Innovations

MOBIA Technology Innovations

MOBIA is a leading Canadian business transformation partner, helping businesses across industries evolve.

Visernic

Visernic

VISERNIC is a cyber security firm with a team of certified security experts dedicated to protecting organizations from evolving cyber threats.