Russia's military agency launched an attack days before Election Day on a U.S. company in Florida that provides election services and systems, including voter registration, according to the top-secret report posted by the Intercept.
Per the NSA report, Russian hackers sent emails to people who worked at the company that provides state and local election offices with voter registration systems...trying to trick them into giving up their user credentials, with at least one employee account compromised. The Russians then used information from that account to launch a separate phishing attack targeting 122 local election officials. The officials were sent emails that appeared to be from the vendor in an effort to trick the recipients to click on an attachment or link that could have introduced malware into their computers. If successful, the jackers would have gained control of the infected computer, which could result in corrupting voter information.
VR Systems, the Florida-based election systems provider stated:
"When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all out customers and advised them not to click on the attachment. We are only aware of a handful of our customers who actually received the fraudulent emails, and of those, we have no indication that any of them clicked on the attachment or were compromised as a result. Phishing and spear-phishing are not uncommon in our society. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company."