Leaked NSA document points to Russian phishing campaign for US elections

A leaked NSA document shows that the Russian military intelligence agency GRU carried out phishing attacks against a US company that supplies election software and equipment, and against election officials. The US has arrested a suspect for leaking the information.

The NSA document was published by The Intercept. The site writes that the security service asked for some parts of the document to be removed before publication. The site did this for pieces that were ‘clearly not in the public interest’. The document shows that the NSA is convinced that the GRU wanted to use phishing against the US company as a way to reach government election officials.

On August 24, Russian intelligence is said to have sent emails to the company that purported to be from Google. The company is not named explicitly, but The Intercept writes that it may be VR Systems, which operates from Florida and provides services to eight US states. The services include the provision of software and devices to track who is allowed to vote. The NSA document shows that the phishing campaign yielded the credentials of at least one employee of the company.

A second phishing campaign was then launched, this time from a Gmail account named ‘vr.selections’. On October 31 or November 1, shortly before the US election, emails were sent from the account to 122 email addresses “related to local governments” belonging to “persons engaged in the administration of registration systems for voters”. The messages contained malicious Word documents that used PowerShell scripts to gain backdoor access to the recipient’s system. The NSA reports in the document that it is unclear what the consequences of this action were.

Reuters news agency writes that the US government on Monday charged a 25-year-old government contractor with leaking classified information. Sources told the news agency that the case does indeed concern the NSA document that was passed on to The Intercept. The suspect is Reality Winner, who according to investigators was one of six people who printed the document. She worked for the company Pluribus International and had access to highly classified information, according to the indictment. Her arrest is said to have taken place as early as June 3, and the charges were made public shortly after The Intercept’s publication, Reuters said.

An illustration from the document
