Besides graphical data files, including voter registration records and credentials from Voter Portal, the actors also leaked large data sets containing voters’ credentials collected using infostealers. Such malware programs, including Nexus, Medusa, Redline, Lumma, and Raccoon, are designed to steal sensitive information such as login credentials and financial data. Specific signatures identified in the leaked data sets may confirm that they originate not from any vulnerable election systems, but likely from consumers compromised with malicious code. The compromised credentials could have been obtained by intercepting login forms in popular Internet browsers or by accessing password storage on compromised devices. At some point, threat actors were aiming to leak a large number of voters’ records to create a perception that election systems are vulnerable. In fact, the origin of these credentials is on the consumer side, as many Internet users are getting infected with malware due to poor network hygiene and lack of cybersecurity awareness.
The full report is available here: https://www.resecurity.com/blog/article/cybercriminals-are-targeting-elections-in-india-with-influence-campaigns
Pierluigi Paganini
(SecurityAffairs – hacking, India)