Advertisement

Report: Evidence shows Russia also involved in state election hacking

Security researchers believe they have uncovered a piece of digital forensic evidence that suggests Russia may have been involved in the recently disclosed hacking of two state voter databases in the U.S.
Russian President Vladimir Putin / (Photo access via en.kremlin.ru)

Security researchers believe they have uncovered a piece of digital forensic evidence suggesting Russia may have been involved in the recently disclosed hacking of two state voter databases in the U.S.

A common pattern has emerged between those attacks aimed at American voter information and a series of past email phishing campaigns targeting Turkish, Ukrainian and German political figures, which “fits a known Russian targeting focus,” according to Arlington, Va.-based cybersecurity firm ThreatConnect.

Earlier this week, a private FBI flash alert — intended for state and private sector cybersecurity partners — was published by Yahoo, bringing to light those attacks against voter databases in Illinois and Arizona. One of the eight Internet Protocol addresses that was identified in the FBI alert is familiar to ThreatConnect because it was used in the aforementioned spear phishing campaign in Turkey, Ukraine and Germany.

“As we explored malicious activity in the IP ranges around 5.149.249[.]172 we found additional linkages back to activity that could be evidence of Russian advanced persistent threat (APT) activity,” ThreatConnect’s research team wrote in a blog post. “This connection around the 5.149.249[.]172 activity is more suggestive of state-backed rather than criminally motivated activity.”

Advertisement

Other factors linking the attack back to Russia, include: six of the eight IP addresses noted by the FBI belong to a Russian-owned hosting service and this exact IP in question — 5.149.249[.]172 — previously hosted a Russian cybercrime market from January to May 2015, ThreatConnect found.

The research report, published on Friday, follows just one day after Bloomberg News conducted an interview with Russia President Vladimir Putin, in which the former Russian intelligence officer denied any and all government involvement in the Democratic National Committee’s data breach.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts