“The researchers said that the Russian-speaking hacker had an unusual business model, in that he scanned for ways to break into all manner of businesses and other entities and then moved rapidly to sell that access, rather than stealing the data himself.
‘We don’t think he actually works for any government or is super-sophisticated,’ Barysevich said.
In the case of the election commission, the hacker used methods including an SQL injection, a well-known and preventable flaw, obtaining a list of usernames and obfuscated passwords, which he was then able to crack.”
Source: U.S. election agency breached by hackers after vote | Reuters