The Russian military intelligence unit known by its initials GRU targeted U.S. state election offices as well as U.S. makers of voting machines, according to Mueller’s report.

Victims of the Russian hacking operation “included U.S. state and local entities, such as state boards of elections (SBOEs), secretaries of state, and county governments, as well as individuals who worked for those entities,” the report said. “The GRU also targeted private technology firms responsible for manufacturing and administering election-related software and hardware, such as voter registration software and electronic polling stations.”

The Russian intelligence officers at GRU exploited known vulnerabilities on websites of state and local election offices by injecting malicious SQL code on such websites that then ran commands on underlying databases to extract information.

Using those techniques in June 2016, “the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website,” the report said. “The GRU then gained access to a database containing information on millions of registered Illinois voters, and extracted data related to thousands of U.S. voters before the malicious activity was identified.”

In another operation, GRU officers sent spearphishing emails to election officials and executives of companies that make voting machines, the report said.