Sign up for our daily briefing

Make your busy days simpler with the Axios AM and PM newsletters. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to the Axios Closer newsletter for insights into the day’s business news and trends and why they matter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios Pro Rata

Dive into the world of dealmakers across VC, PE and M&A with Axios Pro Rata. Delivered daily to your inbox by Dan Primack and Kia Kokalitcheva.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with the Axios Sports newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with the Axios Des Moines newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with the Axios Tampa Bay newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Nashville news?

Get a daily digest of the most important stories affecting your hometown with the Axios Nashville newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Columbus news?

Get a daily digest of the most important stories affecting your hometown with the Axios Columbus newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Dallas news?

Get a daily digest of the most important stories affecting your hometown with the Axios Dallas newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Austin news?

Get a daily digest of the most important stories affecting your hometown with the Axios Austin newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Atlanta news?

Get a daily digest of the most important stories affecting your hometown with the Axios Atlanta newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Philadelphia news?

Get a daily digest of the most important stories affecting your hometown with the Axios Philadelphia newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Chicago news?

Get a daily digest of the most important stories affecting your hometown with the Axios Chicago newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top DC news?

Get a daily digest of the most important stories affecting your hometown with the Axios DC newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo: Mikhail Svetlov/Getty Images

We knew that Russians previously targeted more than 20 states' voter registration databases, and likely targeted all 50. Now we know the complexity behind how 12 Russian military officers interfered in the U.S. elections thanks to a federal grand jury indictment released Friday.

The big picture: The information in this indictment will be vastly important for those trying to bolster election security and monitoring, and learning what to train for in basic cyber hygiene practices — which is especially important since we know Russia is likely to try interfering again.

By the numbers
  • The Russian military intelligence officers targeted over 300 people associated with the DCCC, DNC, and Hillary Clinton's campaign, monitored dozens of DCCC and DNC employees, and implanted hundreds of files with malware to steal emails and other documents.
  • In 2015 the Russians collected emails from individuals affiliated with the Republican Party in other spearphishing operations.
  • Starting in June 2016, they eventually disseminated over 50,000 documents using fake online personas, including DCLeaks and Guccifer 2.0, and through a web site, likely WikiLeaks. They worked through November 2016.
  • 11 Russian military intelligence officers are charged with conspiracy to commit computer crimes, 8 counts of aggravated identity theft, conspiracy to launder money, and 2 are charged with separate conspiracy to commit computer crimes.
How they did it

The Russian intelligence officers used spearphishing to steal victims’ passwords or access their computers.

  • For example, they allegedly spoofed email accounts to make it appear as if they came from Google, and once created an email account just one letter off from an email of a known member of the Clinton Campaign.

The Russians researched the computer networks of the DCCC (and DNC), including internet protocol configurations to identify connected devices.

  • They stole a DCCC employee’s credentials via a spearphishing email to access the network, and installed different kinds of malware on at least 10 computers to spy on and steal data using keylogs and screenshots. The Russians gained screenshots of an employee looking at the DCCC's online banking information.
  • They malware transferred information to a GRU-leased server in Arizona and established a middle server overseas to obscure the connection between the Arizona server and the DCCC.

The Russians hacked into the DNC via their access to the DCCC network through an employee who was authorized to access the DNC network. This employee’s computer was monitored with keylogs and screenshots, which is how the Russians stole those credentials.

  • The Russians gained access to 33 computers at the DNC and again installed different kinds of malware, which sent keylogs and screenshots back to the Arizona server.
  • The Russians hacked the Microsoft Exchange Server and stole thousands of emails from DNC work emails.
Efforts to conceal

The Russians covered their tracks by deleting logs and computer files related to the DCCC and DNC hacking. They also tried deleting traces of their work on DCCC computers with a program, CCleaner.

  • The conspirators laundered the equivalent of $95,000 through transactions meant to conceal their identities, including to purchase a virtual private network (VPN) account and to lease a server in Malaysia to host some dissemination web sites. Many of the companies processing these transactions were located in the U.S.
    • They also paid for their infrastructure by mining bitcoin, obtaining bitcoin from peer-to-peer exchanges, and using pre-paid cards.
  • They further masked their identities by purchasing infrastructure to use hundreds of different email accounts, sometimes using a new account for each purchase, and made false statements about their identities and used fake personas online to disseminate information.
Election meddling
  • They hacked the web site of a state board of elections and stole information of approximately 500,000 voters, including names, addresses, partial social security numbers, birthdays, and driver’s license numbers.
  • The Russians hacked into computers of a U.S. vendor that supplied software to verify voter registration information.
  • They designed an email account to look like the vendor’s email addresses and sent over 100 spearphishing emails containing malware to organizations and personnel involved in administrating elections in counties in Florida.
  • They targeted state and county offices that administered the 2016 U.S. elections, including accessing the web sites of counties in Georgia, Iowa, and Florida to identify vulnerabilities.
Fake personas

These names have been used as aliases for the Russian intelligence officers to encourage the dissemination of stolen information and to exchange bitcoin to fund their activity.

  • Mike Long
  • Ward DeClaur
  • Daniel Farrell
  • Jason Scott
  • Richard Gingrey
  • Alice Donovan
  • Den Katenberg
  • Yuliana Martynova
  • Karen W. Millen
  • James McMorgans
  • Kate S. Milton
  • @BaltimoreIsWhr
  • @dcleaks_
  • Guccifer 2.0
  • dirbinsaabol@mail.com
  • hi.mymail@yandex.com

Editor's Note: Get more stories like this by signing up for our daily morning newsletter, Axios AM. 

Go deeper

Scoop: Stephanie Ruhle to replace Brian Williams on MSNBC

Photo: Nathan Congleton/NBCU Photo Bank/NBCUniversal via Getty Images via Getty Images

MSNBC will soon announce plans to move morning anchor Stephanie Ruhle to the 11 pm ET hour that Brian Williams turned into an elite destination, two sources familiar with the move tell Axios.

Details: The 9 am ET hour, currently hosted by Ruhle, will become part of MSNBC's flagship morning show, "Morning Joe," which currently runs from 6 am to 9 am ET.

Oath Keepers leader denied bail on Capitol riot sedition charge

Oath Keepers co-founder Elmer Stewart Rhodes. Photo: Susan Walsh/AP

A federal judge ordered Oath Keepers leader Stewart Rhodes to remain jailed Wednesday until trial on charges stemming from the Capitol riot.

Why it matters: The judge said the most prominent far-right figure charged in the Jan. 6, 2021, insurrection had access to weapons and his alleged "continued advocacy for violence against the federal government" gave credence to prosecutors' view that, if released, Rhodes could endanger others.

Who in Congress is talking about Ukraine the most

Data: Quorum; Chart: Will Chase/Axios

Mentions of Ukraine or Ukrainian President Volodymyr Zelensky in congressional statements and social media posts have been on the rise — with nearly 1,000 already this month, according to data from Quorum.

Why it matters: The growing threat of a Russian invasion has been mirrored by a growth in Ukraine-related chatter.