Perimeter

12/19/2018
04:30 PM
50%
50%

US Names, Sanctions Russian GRU Officials for 2016 Election Hacks

Treasury Department names and imposes economic sanctions on the alleged major players behind the Russian election-meddling operation, as well as the World Anti-Doping Agency breach.

Nine Russian GRU officers were sanctioned today by the US Department of Treasury for their alleged hacking and document theft of US election systems during the 2016 presidential race, as well as for hacking the World Anti-Doping Agency database. The officers also were indicted on July 13 by the US. They are:

  • Aleksey Aleksandrovich Potemkin (Potemkin), who ran the computer infrastructure used by the hackers for releasing stolen documents online.
  • Anatoliy Sergeyevich Kovalev (Kovalev), who in July 2016 hacked a state board of elections website and pilfered voter information, as well as hacked a US firm that provided voter registration verification software for the 2016 election. 
  • Viktor Borisovich Netyksho (Netyksho), a GRU unit commander.
  • Boris Alekseyevich Antonov (Antonov), who managed the actors targeting the US election.
  • Ivan Sergeyevich Yermakov (Yermakov), who hacked email accounts and servers related to the US election, as well as the World Anti-Doping Database in 2016.
  • Aleksey Viktorovich Lukashev (Lukashev), who sent spear-phishing emails to US election campaign officials.
  • Nikolay Yuryevich Kozachek (Kozachek), who wrote the malware used by the GRU used to hack into networks during the election.
  • Artem Andreyevich Malyshev (Malyshev), who monitored the GRU malware and helped hack WADA's database.
  • Aleksandr Vladimirovich Osadchuk (Osadchuk), a GRU commanding officer. 

Read the full sanctions report here, which includes other Russian officials sanctioned for the WADA hack, the online election-influence campaign, and the March 2018 nerve agent attack on Sergei Skripal and his daughter.

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10014
PUBLISHED: 2019-03-24
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
CVE-2019-10015
PUBLISHED: 2019-03-24
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.
CVE-2019-10017
PUBLISHED: 2019-03-24
CMS Made Simple 2.2.10 has XSS via the advanced_search.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
CVE-2019-10010
PUBLISHED: 2019-03-24
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.
CVE-2019-9978
PUBLISHED: 2019-03-24
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.