By at least the summer of 2016, GRU officers sought access to state and local computer networks by exploiting known software vulnerabilities on websites of state and local governmental entities. GRU officers, for example, targeted state and local databases of registered voters using a technique known as “SQL injection,” by which malicious code was sent to the state or local website in order to run commands (such as exfiltrating the database contents).188 In one instance in approximately June 2016, the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a
...more
