‘Dozens’ of officials at the Democratic National Committee received phishing emails a week after the 2018 midterm elections, the DNC said in a legal filing as part of its ongoing lawsuit against Russia and WikiLeaks.
Several official DNC email addresses received spear-phishing emails on November 14 last year – eight days after the midterm elections that eventually saw Democrats take over the House of Representatives – the DNC said in the legal filing submitted late Thursday, according to the Wall Street Journal. There was no evidence the alleged attack was successful, the DNC reportedly said.
The DNC says an unsuccessful cyberattack targeted it after the 2018 midterms—and blames one of the same Russian groups that struck in 2016 https://t.co/LTgFqQTTmk
— The Wall Street Journal (@WSJ) January 18, 2019
In the filing, the DNC said it believed that a “Russian hacking group” called “Cozy Bear” was “likely” behind the phishing emails, which purported to come from State Department officials. This conclusion is apparently based on the timing and content of the email matching what cybersecurity company FireEye declared to be a “Cozy Bear” campaign at the time. The DNC’s legal filing did not provide forensic evidence to back up the claim, according to the WSJ.
CNN reported that the emails contained a PDF attachment that would have infected the recipient computer with malware if opened, citing anonymous sources within the DNC.
According to FireEye, “Cozy Bear” attempted phishing attacks against more than 20 of the company’s clients, including the US military, police, transportation companies and government.
In July last year, days before the Helsinki summit between US President Donald Trump and his Russian counterpart Vladimir Putin, special counsel Robert Mueller announced charges against twelve Russian “military intelligence” operatives for allegedly hacking into the DNC during the 2016 presidential election campaign.
Actual DNC servers were never examined by the FBI, however, which instead accepted the word of the DNC security contractor, CrowdStrike. Multiple experts, including NSA whistleblower William Binney, have contested CrowdStrike’s version of events, saying that actual evidence pointed to the data being leaked from within the party rather than hacked from the outside.
The DNC has been jumpy ever since. In August 2018, it announced that “Russians” had tried to hack its voter database, only to backtrack a day later and explain it as a misunderstood cybersecurity test.
In December last year, the National Republican Congressional Committee (NRCC) admitted that unknown hackers had access to four of their email accounts since April. The House Republican leadership only found out about the hack when it was reported in the press, however, as the NRCC was investigating the breach internally with the help of a cybersecurity contractor and elected to say nothing for months, supposedly out of fear of compromising the investigation.
The name of that contractor? CrowdStrike.