Brand Heist: How GRU Operatives Sent Spear-Phishing Emails

Say what you want about the charges leveled against Russian operatives by Special Counsel Robert Mueller on Friday. If true, it’s clear that governments and scam artists are now using the same techniques. 

For example, GRU operative Anatoliy Sergeyevich Kovalev used those same techniques to send spear-phishing emails to state election officials, the indictment alleges. 

In June 2016, Kovalev researched “domains used by state boards of elections, secretaries of state, and other election-related entities,” seeking website vulnerabilities, the indictment states. Among other things, he was looking for state party email addresses. And he found them. 

By July, Kovalev and his cohorts had stolen data on 500,000 voters, including their names and dates of birth. They did so by hacking into the website of a state board of elections -- a state believed to be Illinois.

A month later, Kovalev hacked into the computers of a U.S. vendor that supplied software to verify voter registration for the 2016 election. That firm is believed to be Florida-based VR Systems, according to Politico reporter Eric Geller. VR Systems had not responded to a query at deadline. 

In August, the FBI issued an alert about the hacking of the election board, and Kovalev started trying to cover his tracks. He deleted his search history and records from accounts used in the operation. But he wasn’t done.

In October, Kovalev and his people visited the election websites of counties in Georgia, Iowa and Florida “to identify vulnerabilities” of offices responsible for administering the elections. 

And in November, they used an email account designed to look like the vendor they hacked to send 100 spear-phishing emails containing malware to elections officials in numerous Florida counties. The emails featured the vendor’s logo.

It was classic brand-hijacking. The emails said “click this link, again, pretending to be from that company, to establish legitimacy,” Politico reporter Eric Geller said on PBS. 

It’s unknown if this ruse had any impact on election results. As far as we know to date, Kovalev did not use these techniques to send mass emails to voters. 

Still, it shows just how vulnerable the U.S. is. Why were state websites -- and that of the purported vendor -- so open to hacking?

Remember, these are only allegations. The defendants deserve their say in court, although it is unlikely they will show up for it.
