Russian intelligence services sent spearphishing emails to more than 120 email accounts used by Florida election officials in November 2016, according to Special Counsel Robert Mueller’s report on Russian interference in the 2016 election.
The emails contained Word documents with malicious macros. The FBI, which investigated the matter, believes the network of at least one Florida county government was successfully hacked as a result of these emails.
The report doesn’t say where the hack took place or what the hackers may have had access to. According to the South Florida Sun Sentinel, the Florida Department of State said that it “has no knowledge or evidence of any successful hacking attempt at the county level during the 2016 elections,” and that the FBI won’t disclose which county the report was referring to.
“Upon learning of the new information released in the Mueller report, the Department immediately reached out to the FBI to inquire which county may have been accessed, and they declined to share this information with us,” said a spokeswoman for Florida’s Secretary of State.
Spearphishing is a fairly simple and extremely effective method of compromise used by attackers of all skill levels, including the most sophisticated state-sponsored hackers. Until employees learn to avoid clicking on potentially-malicious links or attachments, spearphishing will remain the weapon of choice for targeted cyberattacks. New-school security awareness training can give your employees the knowledge necessary to defend your organization against this threat. The South Florida Sun Sentinel has the story: https://www.sun-sentinel.com/news/politics/fl-ne-mueller-report-florida-findings-20190418-story.html
Russia's work with cyber criminals surging
The Russian government is increasingly partnering with cyber criminals in its online espionage efforts, Obama administration national security official John Carlin told "60 minutes" Sunday.
"This is a kleptocracy. This is a government by theft. And the thing that matters the most is that you do what the don wants, what the head of the crime family wants. And here, the head of the crime family is Putin."
— John Carlin, former U.S. Assistant Attorney General for National Security
Why it matters: Carlin's comments come after the release of the redacted findings of Special Counsel Robert Mueller's investigation showed concerns of Russian interference in U.S. elections. "We understand the FBI believes that this operation enabled [Russian military intelligence] to gain access to the network of at least one Florida county government," in the 2016 elections," the report states.
The other side: Putin has previously denied any allegations of Russia being involved in hacking.
The big picture: Carlin, author of "Dawn of the Code War," told CBS' Lesley Stahl Russian cyber espionage is one of the greatest threats to the U.S. Spy agencies can cover their tracks by hiring cyber criminals to do the work for them.
"Increasingly, you cannot tell which is which when it comes to the criminal and the intelligence agency. So one day, the same crook may be doing something purely to make a buck. But that same crook may be directed by a trained intelligence operative using the same tools and techniques to steal information from them for the goals of the state."