{"id":7796,"date":"2018-07-27T15:01:22","date_gmt":"2018-07-27T15:01:22","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29173\/How-They-Do-It-GRU-Hackers-Versus-US-Elections.html"},"modified":"2018-07-27T15:01:22","modified_gmt":"2018-07-27T15:01:22","slug":"how-they-do-it-gru-hackers-versus-us-elections","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/how-they-do-it-gru-hackers-versus-us-elections\/","title":{"rendered":"How They Do It: GRU Hackers Versus US Elections"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/gru-hacking-usa-800x450.jpg\"\/><\/p>\n<div class=\"caption-text\">#Cyberz.<\/div>\n<div class=\"caption-credit\">Aurich Lawson \/ Getty<\/div>\n<p>In a press briefing just two weeks ago, Deputy Attorney General Rod Rosenstein announced that the grand jury assembled by Special Counsel Robert Mueller had returned an indictment against 12 officers of Russia&#8217;s Main Intelligence Directorate of the Russian General Staff (better known as Glavnoye razvedyvatel&#8217;noye upravleniye, or GRU). 
The indictment was for conducting &#8220;active cyber operations with the intent of interfering in the 2016 presidential election.&#8221;<\/p>\n<p>The <a href=\"http:\/\/www1.icsi.berkeley.edu\/~nweaver\/netyksho_et_al_indictment_ocr.pdf\">filing<\/a> [PDF] spells out the Justice Department&#8217;s first official, public accounting of the most high-profile information operations against the US presidential election to date. It provides details down to the names of those alleged to be behind the <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/12\/the-public-evidence-behind-claims-russia-hacked-for-trump\/\">intrusions into the networks of the Democratic National Committee and the Democratic Congressional Campaign Committee<\/a>, the theft of emails of members of former Secretary of State Hillary Clinton&#8217;s presidential campaign team, and various efforts to steal voter data and undermine faith in voting systems across multiple states in the run-up to the 2016 election.<\/p>\n<p>The allegations are backed up by data collected from service provider logs, Bitcoin transaction tracing, and additional forensics. The DOJ also relied on information collected by US (and likely foreign) intelligence and law enforcement agencies. Reading between the lines, the indictment reveals that the Mueller team and other US investigators likely gained access to things like Twitter direct messages and hosting company business records and logs, and they obtained or directly monitored email messages associated with the GRU (and possibly WikiLeaks). 
It also appears that the investigation ultimately had some level of access to internal activities of two GRU offices.<\/p>\n<p>This is the first time that President Donald Trump&#8217;s Justice Department has filed official charges against members of a Russian government agency for taking actions intended to influence the outcome of the 2016 presidential campaign\u2014though Rosenstein was careful to assert that there was no allegation that votes were changed by this operation. The indictment details match up with much of what we&#8217;ve already learned about the information operations campaign run by the GRU. But the new findings went further, comfortably identifying each person behind the various elements of the campaign, from the first spear phish to the final data theft.<\/p>\n<p>Yet, after a summit meeting with Russia&#8217;s President Vladimir Putin just days following the indictment, Trump publicly expressed doubt that Russia was involved. The president has said that Putin strongly denied any interference in the election\u2014even as the United States&#8217; own director of national intelligence, Dan Coats, reiterated the conclusion that Russia was responsible for the attacks. With such rhetoric, Trump has continued to send mixed messages about the findings of his own intelligence and law enforcement teams, while seeming to put more stock in Putin&#8217;s insistence that the Russian government had nothing to do with any of this.<\/p>\n<p>After digging into this latest indictment, the evidence suggests Trump may not have made a very good call on this matter. 
But his blaming of the victims of the attacks for failing to have good enough security, while misguided, does strike on a certain truth: the Clinton campaign, the DNC, and DCCC were poorly prepared for this sort of attack, failed to learn lessons from history, and ignored advice from some very knowledgeable third parties they enlisted for help.<\/p>\n<h2>The GRU order of battle<\/h2>\n<div class=\"gallery shortcode-gallery gallery-wide\">\n<ul>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/haxx-150x150.jpg\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/haxx.jpg\" data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/haxx-980x551.jpg 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/haxx.jpg 2560\" data-sub-html=\"#caption-1350163\">\n<div class=\"caption\">An organizational chart of the two GRU units involved in the DNC, DCCC, Clinton campaign and state election organization hacks based on Special Counsel Robert Mueller&#8217;s indictment.<\/div>\n<\/li>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/Screen-Shot-2018-07-17-at-1.12.52-PM-150x150.png\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/Screen-Shot-2018-07-17-at-1.12.52-PM.png\" data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/Screen-Shot-2018-07-17-at-1.12.52-PM-980x567.png 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/Screen-Shot-2018-07-17-at-1.12.52-PM-1440x833.png 2560\" data-sub-html=\"#caption-1345837\">\n<div class=\"caption\">20 Komsomolskiy Prospekt, Moscow, Russia\u2014the home of GRU Unit 26165.<\/div>\n<\/li>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/22-kirova-Novator-Business-Center-150x150.jpeg\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/22-kirova-Novator-Business-Center.jpeg\" 
data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/22-kirova-Novator-Business-Center.jpeg 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/07\/22-kirova-Novator-Business-Center.jpeg 2560\" data-sub-html=\"#caption-1345839\">\n<div class=\"caption\">&#8220;The Tower&#8221;\u201422 Kirova Street, in the Moscow suburb of Khimki\u2014is a former business tower, now owned by Russia&#8217;s Defense Ministry and home of GRU Unit 74455.<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<p>The indictment includes a significant amount of detail about the organizational structure of the GRU units allegedly involved in the wide-ranging information operations during the US presidential election. The source of the attribution is not revealed in the indictment. However, the level of detail\u2014including when certain individuals connected to remote applications\u2014indicates that US intelligence and law enforcement officials were working with more than just the forensic data provided by CrowdStrike. Trump&#8217;s &#8220;where&#8217;s the server?&#8221; protests seem even less well grounded in reality than they did before.<\/p>\n<p>The details in the newest indictment get down to the organizational division of labor at GRU. &#8220;There was one unit that engaged in active cyber operations by stealing information,&#8221; said Rosenstein, &#8220;and a different unit that was responsible for disseminating the stolen information.&#8221;<\/p>\n<p>The espionage operation was run by Unit 26165, commanded by GRU\u00a0Officer Viktor Borisovich Netyksho. 
Unit 26165 appears to be the organization behind at least part of the &#8220;threat group&#8221; of tools, techniques, and procedures known as &#8220;Fancy Bear,&#8221; &#8220;Sofacy,&#8221; &#8220;APT28,&#8221; and &#8220;Sednit.&#8221; Within the unit, two divisions were involved in the breaches: one specializing in operations and the second in development and maintenance of hacking tools and infrastructure.<\/p>\n<p>The operations division, supervised by Major Boris Alekseyevich Antonov, specialized in targeting organizations of intelligence interest through spear-phishing campaigns and the exploitation of stolen credentials. Antonov&#8217;s group included Ivan Sergeyevich Yermakov and Senior Lieutenant Aleksey Viktorovich Lukashev, according to the indictment, and they were responsible for targeting the email accounts that were exposed on the &#8220;DCLeaks&#8221; site prior to the election operations.<\/p>\n<p>The second division, overseen by Lieutenant Colonel Sergey Aleksandrovich Morgachev, managed the development and maintenance of malware and hacking tools used by Unit 26165, <a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/02\/new-mac-malware-pinned-on-same-russian-group-blamed-for-election-hacks\/\">including the X-Agent<\/a> &#8220;implant.&#8221; X-Agent is a signature tool of Fancy Bear operations\u2014a cross-platform backdoor toolset with variants for Windows, MacOS, Android, and iOS. The Windows and MacOS versions of X-Agent are capable of recording keystrokes, taking screenshots, and exfiltrating files from infected systems back to a command and control server.<\/p>\n<p>Lieutenant Captain Nikolay Kozachek (who used the hacker monikers &#8220;kazak&#8221; and &#8220;blablabla1234465&#8221;) was the primary developer and maintainer of X-Agent, according to the indictment, and he was assisted by another officer, Pavel Yershov, in preparing it for deployment. 
Once X-Agent was implanted on the DNC and DCCC networks, Second Lieutenant Artem Malyshev (AKA &#8220;djangomagicdev&#8221; and &#8220;realblatr&#8221;) monitored the implants through the command and control network configured for the task.<\/p>\n<p>The information operations unit, Unit 74455, was commanded by Colonel Aleksandr Vladimirovich Osadchuk. Unit 74455&#8217;s members would be responsible for the distribution of some of the stolen data from the breaches through the <a href=\"https:\/\/arstechnica.com\/tech-policy\/2016\/10\/is-russia-using-journalists-as-weapons-does-it-matter\/\">&#8220;DCLeaks&#8221; and &#8220;Guccifer 2.0&#8221; websites<\/a>. This group famously also reached out to WikiLeaks (referred to as &#8220;Organization 1&#8221; in the indictment) to amplify their information operation, and they <a href=\"https:\/\/arstechnica.com\/tech-policy\/2016\/10\/is-russia-using-journalists-as-weapons-does-it-matter\/\">promoted the leaks to journalists through GRU-controlled email and social media accounts<\/a>.<\/p>\n<p>Within Unit 74455, Officer Aleksey Potemkin\u2014a department supervisor\u2014oversaw information operations infrastructure. His group configured the DCLeaks and Guccifer 2.0 blogs and social media accounts that would later be used to spread data stolen from the DNC, DCCC, and Clinton campaigns. 
Osadchuk would also direct another information operation\u2014assigning GRU\u00a0Officer Anatoly Kovalev and others to conduct a campaign against state election boards and elections.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29173\/How-They-Do-It-GRU-Hackers-Versus-US-Elections.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":7797,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[2345],"class_list":["post-7796","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinegovernmentusarussiafraudcyberwarspyware"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/7796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=7796"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/7796\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/7797"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=7796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=7796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=7796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}