Mueller indictment implicates 12 Russian

Special counsel Robert Mueller alleges that 12 Russian military officers used various spearphishing techniques, along with keylogging and screen capture spyware, in an attempt to compromise the election.

October, 2018

Details of the breach:

On July 13, 2018, a grand jury delivered indictments against 12 officers of the Russian military in connection with 2016 hacks of the Democratic National Committee, as part of an investigation by special counsel Robert Mueller. Many of the defendants are identified as agents of Russia’s GRU intelligence agency. The indictments allege an ongoing attempt to compromise election infrastructure. According to the indictment, the hackers discovered that the Clinton campaign used a Google tool called G Suite, which lets a company run its email accounts through a Google interface.

According to the indictment, hackers sent John Podesta, Clinton campaign chairman, a fake email designed to look like a Google security email. The hackers even made the email look like it came from an “@google.com” email address. The email led to a fake Google login page. Once Podesta typed in his username and password and hit submit, that information would have gone straight to the hackers’ computers. The conspirators then used additional spearphishing techniques to plant keylogging and screen scraping spyware to gain access to other victims' computers.

 

Excerpts from the Indictment:

"By in or around April 2016, the Conspirators also hacked into the computer networks of the Democratic Congressional Campaign Committee ("DCCC") and the Democratic National Committee ("DNC"). The Conspirators covertly monitored the computers of dozens of DCCC and DNC employees, implanting hundreds of files containing malicious computer code ("malware"), and stole emails and other documents from the DCCC and DNC." 

"On or about April 18, 2016, the Conspirators activated X-Agent’s keylog and screenshot functions to steal credentials of a DCCC employee who was authorized to access the DNC network. The Conspirators hacked into the DNC network from the DCCC network using stolen credentials. By in or around June 2016, they gained access to approximately thirty-three DNC computers."

"In or around April 2016, the Conspirators installed X-Agent malware on the DNC network, including the same versions installed on the DCCC network. MALYSHEV and his co-conspirators monitored the X-Agent malware from the AMS panel and captured data from the victims' computers. The AMS panel collected thousands of key log and screenshot results from the DCCC and DNC computers, such as a screenshot and keystroke capture of DCCC Employee 2 viewing the DCCC's online banking information."



How to Stop the Threat of Keyloggers

 

Keyloggers and screen scraping are two of the main components of malware needed to advance a cyber-attack, including the attack on the DCCC and DNC described above. Eliminating this attack vector stops the keylogger from functioning and prevents the subsequent theft of credentials and other personal data of the kind stolen in this breach. Utilizing EndpointLock™ keystroke encryption software with anti-screen scraping technology would have encrypted all of the DCCC and DNC keystrokes and hidden the employees' screens, rendering those features of the X-Agent malware useless to the Russian hackers and preventing the advancement of this breach.
