A Moroccan hacking group infiltrated the IT networks of at least four Miami school districts ahead of the US presidential election last year, with the hope of hacking voting systems, according to a new report.
The group, known as MoRo, is said to have infected the school networks with malware which turned off logging tools, allowing them to probe and test the systems for three months.
The attack arrived in the form of a phishing email, luring users into clicking on a booby-trapped image. An unnamed city network was apparently also targeted.
As well as searching for sensitive student data to sell on, they were looking for a way to pivot to election systems, according to a Miami Herald report.
Yet although they managed to deface web pages on two sites with an ISIS-style image, the group was apparently unable to find the Social Security and other data it was looking for, or gain access to the voting systems it bragged on underground forums about taking down.
The attempt should still serve as a wake-up call, both for how easy it is to access school district networks without authorization, and whether there’s enough network segmentation between interlinked public-sector systems.
The news comes after new intel earlier this month revealed that Russia’s attempts to manipulate the US presidential election went much further than trying to change public opinion by hacking and releasing sensitive Democratic Party emails.
Three people with “direct knowledge of the US investigation” told Bloomberg that election systems in 39 states were targeted, bearing out revelations in an NSA leak reported by The Intercept.
The hackers are said to have targeted a maker of voting software used in eight states, and from there launched follow-up attacks on at least 100 state and local voting officials in the week prior to election day.