posted by carl_spangler +331 / -0

Threat Analysis of Fujinama Malware:

https://reaqta.com/2021/01/fujinama-analysis-leonardo-spa/

Arturo D’Elia, whose statement is at the heart of ItalyGate, was arrested on Dec. 5th 2020 for placing malware (Fujinama) into 96 computers located in and around Leonardo S.p.A's Pomigliano plant.

"An interesting part of Fujinama is the ability to execute custom commands and custom exfiltrations as instructed by the C2. Every 5 minutes a configuration file stored on the C2 for each infected endpoint, is polled."

Translation: Every five minutes infected machines will poll a command server (C2) for instructions to execute. The actual voting machines themselves might be harmless enough and air-gapped, but the tabulator computers counting and reporting the votes might be the at-risk targets.

Straight from Dominion Manual below:

“Transmission of results via modem is a very intuitive process, involving minimal input from a poll worker. The ImageCast Precinct can be configured to automatically transmit results after the polls have been closed.”

https://sos.ga.gov/admin/files/Dominion%20RFI_No%20Redactions.pdf
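
The five-minute polling described in the quoted analysis leaves a regular timing pattern in proxy or DNS logs. The following is an added example (not part of the original post or of the linked report) that flags source/destination pairs with steady ~300-second request intervals; the host names, thresholds and log records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

POLL_SECONDS = 300   # "every 5 minutes", per the quoted analysis
TOLERANCE = 15       # assumed jitter allowance, in seconds
MIN_REQUESTS = 6     # assumed minimum evidence (six requests span ~25 minutes)

def find_pollers(events, period=POLL_SECONDS, tol=TOLERANCE, min_requests=MIN_REQUESTS):
    """events: iterable of (datetime, src_host, dest_host).
    Returns sorted (src, dest) pairs whose requests arrive at a steady `period`."""
    by_pair = defaultdict(list)
    for ts, src, dest in events:
        by_pair[(src, dest)].append(ts)
    flagged = []
    for pair, stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        # Steady polling: at least 80% of the gaps sit close to the median gap.
        steady = sum(abs(g - med) <= tol for g in gaps) >= 0.8 * len(gaps)
        if abs(med - period) <= tol and steady:
            flagged.append(pair)
    return sorted(flagged)

def sample_events():
    """Constructed sample records, not taken from any real log."""
    start = datetime(2021, 1, 12, 9, 0, 0)
    events = []
    # Endpoint polling every ~300 s with a few seconds of jitter.
    for i, jitter in enumerate([0, 3, -2, 4, 1, -3, 2, 0]):
        events.append((start + timedelta(seconds=300 * i + jitter),
                       "ws-017", "c2.example.test"))
    # Irregular browsing: the median gap is 299 s by chance, but the gaps
    # are not steady, so the pair is rejected.
    for offset in [5, 40, 47, 610, 1900, 1912, 2500]:
        events.append((start + timedelta(seconds=offset),
                       "ws-022", "intranet.example.test"))
    # Steady but at a different rate (60 s), so outside the 300 s window.
    for i in range(10):
        events.append((start + timedelta(seconds=60 * i),
                       "ws-030", "monitor.example.test"))
    return events

if __name__ == "__main__":
    for src, dest in find_pollers(sample_events()):
        print(f"{src} -> {dest}: steady ~{POLL_SECONDS}s polling")
```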

Comments (33)
Anachronox 1 point +1 / -0

That is strange. And I am afraid I wouldn't be of much help in that dept. And damn. Sounds like you are in deep, but hopefully they leave you alone once/if things settle down. I would keep a low profile in the meantime. Thanks for your hard work.