We’ve heard a lot about Russian attackers attempting to hack the US election, but another hacking group also allegedly wanted to interfere with the election; they attempted to pivot from compromised school districts to state voting systems. The Miami Herald reported that MoRo, a group of hackers based in Morocco, penetrated “at least four Florida school district networks” and purportedly searched for a way “to slip into other sensitive government systems, including state voting systems.” According to United Data Technologies (UDT), the firm that investigated the breach “incidents,” the hackers successfully phished people working in the school districts, tricking them into clicking on an image in an email, which allowed malware into the system. The article does note that the hackers also targeted an unnamed Florida city network with a similar attack.
After the school district systems were infected with malware, the hacking group “turned off the logs recording who accessed the systems.” UDT analysts had a hard time figuring out for sure what all the hackers had done. Turning off the logs was called a “sophisticated maneuver” that UDT “had never seen before.” (Silly me, I thought disabling logging was fairly common if a hacker doesn’t want to get busted immediately.)
Despite the lack of logs, UDT determined the hackers were in the systems for three months, “mapping them out and testing their defenses. At one point, they even posted photos of someone dressed as an ISIS fighter on two school district websites.”