The FBI, the US Department of Homeland Security (DHS) and CISA have released a new advisory that provides more detail on how Iranian hackers managed to steal voter registration information from the country's government websites, including election websites. The stolen voter data was then used to intimidate Democratic voters through e-mails, purportedly sent by the Proud Boys, pressuring them to vote for Trump. The efforts to collect voter information from election websites took place between September 29 and October 17.
According to the FBI, DHS and CISA, the Iranian hackers aimed to interfere in this year's US elections by exploiting known vulnerabilities, uploading web shells and using structured query language (SQL) injection, but also by exploiting flaws unique to the targeted sites.
In particular, the Iranian hackers first used the Acunetix vulnerability scanner to detect security vulnerabilities in the target sites, which later allowed them to exploit insecure servers. Through these attacks they succeeded in downloading voter registration data for at least one US state, taking advantage of misconfigurations and vulnerabilities in the election websites.
To do this, they used scripts built around the cURL tool to iterate through voter registration records, automatically paging through the databases and then downloading them.
The FBI said in a statement issued a few days ago that many of the IP addresses used by the Iranian hackers in the fake Proud Boys e-mail campaign came from the NordVPN service, and others may correspond to other VPN providers, including CDN77, HQSERV and M247.
During the investigation, the FBI also found evidence that the Iranian hackers searched for the following information during their efforts to scan and exploit election websites:
- YOURLS exploitation
- Bypass ModSecurity Web Application Firewall
- Detect Web Application Firewalls
- SQLmap Tool
As BleepingComputer points out, the FBI and CISA recommend the following mitigation measures to prevent future attacks:
- Apply updates and patches to systems and applications
- Scan web applications for SQL injection and other common web vulnerabilities
- Deploy a web application firewall
- Deploy web shell protection techniques
- Use multi-factor authentication (MFA) for administrator accounts
- Remediate critical web application security risks
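The advisory's two technical details, scripted cURL iteration over a voter lookup page and SQL injection probing, both leave a recognisable footprint in ordinary web server access logs, which is where a site operator would look first to confirm or rule out the activity described above. The following script is an added example written for this article; it is not code from the advisory, the FBI, CISA or BleepingComputer. The log lines, the IP addresses, the `/voter/lookup` endpoint name and the detection thresholds are all constructed for illustration. It parses Apache combined-format lines, then flags a client that queries the lookup endpoint many times with distinct parameters inside a short window (the enumeration pattern), a client whose query strings carry SQL injection markers, and any client using an automation user agent such as curl or sqlmap.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, unquote_plus

# Constructed sample log (Apache combined format). Addresses are documentation
# ranges; the endpoint name and the requests themselves are hypothetical.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2020:14:01:01 +0000] "GET /voter/lookup?last=Smith&dob=1980-01-01 HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.10 - - [10/Oct/2020:14:01:02 +0000] "GET /voter/lookup?last=Smith&dob=1980-01-02 HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.10 - - [10/Oct/2020:14:01:03 +0000] "GET /voter/lookup?last=Smith&dob=1980-01-03 HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.10 - - [10/Oct/2020:14:01:04 +0000] "GET /voter/lookup?last=Smith&dob=1980-01-04 HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.10 - - [10/Oct/2020:14:01:05 +0000] "GET /voter/lookup?last=Smith&dob=1980-01-05 HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.10 - - [10/Oct/2020:14:01:06 +0000] "GET /voter/lookup?last=Smith&dob=1980-01-06 HTTP/1.1" 200 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2020:14:05:30 +0000] "GET /voter/lookup?last=Jones&dob=1975-06-12 HTTP/1.1" 200 498 "https://example.test/" "Mozilla/5.0 (Windows NT 10.0) Firefox/81.0"
192.0.2.55 - - [10/Oct/2020:14:07:10 +0000] "GET /voter/lookup?last=Smith%27+OR+1%3D1--&dob=1980-01-01 HTTP/1.1" 500 231 "-" "sqlmap/1.4"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
AUTOMATION_UA = re.compile(r"curl|wget|python-requests|sqlmap|go-http-client", re.I)
# Coarse SQL injection hints, evaluated on the URL-decoded query string.
SQLI_HINT = re.compile(r"'\s*(or|and)\b|union\s+select|--|sleep\s*\(|benchmark\s*\(", re.I)
LOOKUP_PATH = "/voter/lookup"  # hypothetical lookup endpoint to watch


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(rec["path"])
    rec["route"] = url.path
    rec["query"] = unquote_plus(url.query)
    return rec


def analyze(log_text, threshold=5, window_seconds=60):
    """Summarise per-client activity against the lookup endpoint and attach detection flags."""
    per_ip = defaultdict(lambda: {"lookups": 0, "queries": set(), "first": None,
                                  "last": None, "automation_ua": False, "sqli_hits": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["route"] != LOOKUP_PATH:
            continue
        s = per_ip[rec["ip"]]
        s["lookups"] += 1
        s["queries"].add(rec["query"])
        s["first"] = rec["ts"] if s["first"] is None else min(s["first"], rec["ts"])
        s["last"] = rec["ts"] if s["last"] is None else max(s["last"], rec["ts"])
        if AUTOMATION_UA.search(rec["ua"]):
            s["automation_ua"] = True
        if SQLI_HINT.search(rec["query"]):
            s["sqli_hits"] += 1

    report = {}
    for ip, s in per_ip.items():
        span = (s["last"] - s["first"]).total_seconds()
        # Enumeration: many lookups with many distinct parameters in a short window.
        enumerating = (s["lookups"] >= threshold and len(s["queries"]) >= threshold
                       and span <= window_seconds)
        flags = []
        if enumerating:
            flags.append("scripted_enumeration")
        if s["sqli_hits"]:
            flags.append("sqli_probe")
        if s["automation_ua"]:
            flags.append("automation_client")
        report[ip] = {"lookups": s["lookups"], "distinct_queries": len(s["queries"]),
                      "span_seconds": span, "sqli_hits": s["sqli_hits"], "flags": flags}
    return report


def suspicious_ips(report):
    """Return the sorted list of client addresses that received at least one flag."""
    return sorted(ip for ip, r in report.items() if r["flags"])


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip in suspicious_ips(result):
        print(ip, result[ip])
```

In real use the thresholds should be tuned against a baseline of legitimate lookup traffic for the site, and the flagged addresses compared against the VPN provider ranges named in the advisory; the script only surfaces candidates for an analyst to review, it does not block anything.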